What matters most now? Getting ahead of the security curve

Daniel Maloney (SVP and Chief Security Officer at Verizon) has nearly two decades of experience leading large global security programs and teams, and he’s known for being ahead of the curve – with an eye on the bigger picture, he has a knack for recognising global security concerns before they become a problem.

We caught up with Maloney for some quick-fire questions ahead of his appearance at Black Hat MEA 2023.

Could you share your career journey so far?

“I entered the cyber field in 2009 when I moved into an Insider Threat program development role. We used models to identify behavior patterns that were common in data exfiltration. From there, tools, processes and needed skills and experience simply exploded as the technical landscape and its associated challenges unfolded.”

You're known for getting in front of global security threats. What are the components of a security strategy that can put you out ahead of a threat event?

“There are a lot of ways to answer this question, though at the most basic level; the question of ‘what matters most now?’ is always important.  Not every program, technology, process or tool brings clear value, especially when compared to the cost of that capability.

“With that in mind, knowing which assets are most important and why, followed by where those assets are, who has access to them, and how they are protected and controlled. Those are the basics.

“If that isn’t clear to the appropriate stakeholders, that would be the first thing I ensure to bring clarity to.”

Are there any types of threat you're seeing a lot of in the telecommunications sector right now?

“It’s well known that there have been attempts to attack critical infrastructure in the United States. This is a concern to authorities and private sector security teams. Also of importance is the effective protection of data and privacy at scale, and the attempts by bad attacks to compromise data, facilities, and technology are well known.”

What's one thing you wish everyone knew about cybersecurity? :

“Whether cyber or physical, there is no standalone entity that protects everything.

“I spend a lot of time with our IT and CISO teams ensuring we have broad based and measurable defense at depth. I guess I would say that the most important thing I’d share is that security needs to be integrated, with stakeholders in CSO, CIO, IT, Compliance, Privacy, Audit, all working together to ensure defenses are broad based and tested as effective.”

Why are events like Black Hat MEA valuable to you?

“There’s always something to learn, and spending time with colleagues in the industry who represent different communities and disciplines strengthens the root structure of the security industry as a whole.”

Thanks to Daniel Maloney at Verizon. Want to learn more? Register now for Black Hat MEA 2023.