Notes from Boston Secure World 2016

In an article for DZone, software engineer Nathan Cooprider offers a summary of key events and talks from day two of the Boston Secure World 2016 Expo. The keynote presentation was “Enhancing Enterprise Resilience through Software Assurance and Supply Chain Risk Management”, from Joe Jarzombek, former director for software assurance - cybersecurity & communications, US Department of Homeland Security. He talked about challenges in ensuring cybersecurity in an ever-evolving landscape. “In Joe’s opinion, security subsumes safety,” wrote Cooprider. “People often try to ‘build a wall’ to gain assurance. It's all reactive. Necessary, but reactive. Instead, we can control our attack surfaces.”

Other sessions included “PCI Compliance”, hosted by Erika Powell-Burson, Information Security Officer for Alegus, and “How Adopting the Public Cloud Can Improve Your Enterprise Security”, hosted by Bill Wilder, Chief Technology Officer of the Finomial Corporation.

A panel discussion on “Emerging Threats”, moderated by Ken Patterson, Chief Information Security Officer at Harvard Pilgrim Health Care, offered several topics of interest to disaster management professionals. It involved debates and descriptions of four major areas in the field:

  • The Biggest Emerging Threats, such as insider threats, lack of skills training, and an uneducated end user.
  • Cloud-Specific Threats and Responses. “The fundamentals still apply: you can just screw up at scale in the cloud,” said panelist Jack Daniel from Tenable.
  • Attacks via new paths offered by the Internet of Things. “IoT allows for new types of threats. For example, an attacker can turn off your server room locks and then crank up the heat to destroy all the equipment and data,” wrote Cooprider.
  • Prioritization of resources and responses. “Don't outsource incompetence. We can all be incompetent ourselves for much cheaper,” said Daniel.