Today I am lucky enough to get to present at the National Conference of State Legislators Annual Summit on “Keeping hackers out of your Capitol”. This is a great subject I get to bring to legislators and legislative staff from around the world.
My talk this afternoon breaks down into three main areas:
Every successful security program is based on a good security awareness program. If you are not giving your end users the information and tools to help you keep your network secure, you are setting yourself up for failure.
Money. There, I said it. Good security isn’t cheap. Great security is expensive. If you haven’t updated your firewall in the last 3 years, you have the 1973 Ford Pinto of firewalls. If you haven’t invested in a patching system or aren’t running a black hole system like OpenDNS, you are exposing your network and users to an unnecessarily high level of risk.
Getting management buy-in in a legislative environment is amazingly easy. Just get hacked. Your budget increases, and you get the tools and staff you need. Reporters call you. You may get fired. You are truly living the dream.
Getting management buy-in without putting your job at risk is a much harder task. It takes soft skills that most security people are not known for. It takes the ability to talk convincingly to legislative leaders and administrators about why they need to spend money to stop something that they think may not happen (Who wants to hack us?).
Hopefully this talk leads to a bunch of change-inducing conversations with legislative leaders from around the world.