What's the one thing you wish they knew?

Welcome to the new 79 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.

Keep up with our weekly newsletters on LinkedIn, Subscribe here.

This week we’re focused on…📣

What most people don’t know (but should) about cybersecurity.

⚠️Spoiler alert:️

There is no single one thing.

We asked ten cybersecurity professionals the same question, and they came back with ten different answers – although we did pick up a couple of common themes.

📌The question was:

What’s one thing you wish everyone knew about cybersecurity?

And here’s what they told us.

🎙️Makesh Chandramohan (CISO at Aditya Birla Capital)

“Believe in the statement: Breach is inevitable.”

🎙️Sam Curry (CISO at Zscaler)

“We need you! And there is room for everyone in cybersecurity. I used to play rugby, and I loved that there was a place on the team for every body type and shape.

“Cybersecurity is like that: we want everyone and every perspective. It’s not just the right thing, but it is a competitive advantage because we have human adversaries. That means gender, religious, ethnic, neurological and every other form of diversity enriches us, and it’s not just for technical people.”

🎙️Zechariah Akinpelu (CISO at Unity Bank)

“I believe so much that if we all embrace the idea that cybersecurity is everybody’s responsibility, individuals can proactively contribute to a safer digital environment for themselves, their communities, and organisations.”

🎙️Gary Hayslip (CISO at Softbank Investment Advisers)

“That it’s a discipline, it's not just taking a couple of classes or completing a college degree and you are in this new job. Cybersecurity is a field of study incorporating extensive soft/technical skills and experience. Couple that with the fact it's continuous, working in this field you are always ‘on’ – there is no time you are going to walk into work, and everything is secure, and you have nothing to do.

“Working in this field you must continually educate yourself on new technologies, new threats, and new risks. Working in this field you must get the basics right every day, every time – again, it's continuous and takes focus and discipline to be effective.”

🎙️Suresh Sankaran Srinivasan (Group Head of Cyber Defence at Axiata)

“I wish everyone realised that cybersecurity is more of an attitude than a technical skill or control. While technical skills, measures and systems are crucial, the attitudes and behaviours of individuals within an organisation, both cyber professionals as well as general users can have a substantial impact on the overall security posture.”

🎙️Mihir Joshi (Group CISO at Tata Power; Advisory Board Member for Xchain Technologies)

“An infosec professional will always be a newbie. We are endless newbies where technologies/new trends change every other day, and while we learn, it will be replaced by something else – and eventually we will be still in a newbie state.”

🎙️David Cross (SVP and CISO at Oracle SaaS Cloud)

“First, and foremost, the best security engineers are those that have started out and are great in the fundamentals of engineering, operations, DevSecOps, etc. Security is based on fundamentals: design, architecture, algorithms, models. When you have great experience and knowledge on a given function, service, or product, it is far easier to understand the security challenges, risks, gaps, and threats for that service.”

🎙️Dr. Kenneth Geers (External Communications Analyst at Very Good Security)

“Everyone can – and should – make a contribution. Cybersecurity is inherently multidisciplinary, and each of us has a role to play. Our children already participate in many Internet-based activities that we do not experience or understand. Therefore, we should focus on values and strategy, because to some degree, we must trust that, in the future, our children will advance cybersecurity in creative ways that we will never see.”

🎙️Daniel Maloney (SVP and Chief Security Officer at Verizon)

“Whether cyber or physical, there is no standalone entity that protects everything. I spend a lot of time with our IT and CISO teams ensuring we have broad based and measurable defence at depth. I guess I would say that the most important thing I’d share is that security needs to be integrated, with stakeholders in CSO, CIO, IT, Compliance, Privacy, Audit, all working together to ensure defences are broad based and tested as effective.”

🎙️Chris Wysopal (Founder and CTO at Veracode)

“I wish everyone knew how easy it is to attack a vulnerable system with easily downloadable tools. There is a mystique out there that attackers are geniuses. Really everyone with a few hours of training can learn how to do this, and they should.”

So what’s the one thing YOU wish everyone knew?

We’d love to know your answer to this question. Hit reply to this newsletter on LinkedIn and share your perspective in the comments.

*Subject to terms and conditions

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 13 September 2023.

Catch you next week,
Steve Durning
Exhibition Director

P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?