I could not help but reflect on one of Stathakopoulos’s parting shots at his keynote speech. Many of our security conventions seem to place the white hacker on a pedestal. Stathakopoulos cited an example of this in how the creator of the Sasser worm, which cost industry billions, not only got a light sentence but, when he got out, was offered a position within a security company.
However, not many security conferences seem to extol the virtues of the people who create the defences to the attacks. If I could make an analogy here: during the FIRST football match, our goal-keeper saved probably four or five brilliant shots from the opposition. Fortunately our team was mature enough (eerrrm that doesn’t mean we were all old fogies ok) to see exactly how he saved us, and without him we certainly would not have won the game.
In a similar way, the teams of people that work on your corporate defences will have saved your business fortunes in downtime, loss of reputation and loss of finance. Some of them will have strategically protected against perhaps even an undiscovered vulnerability.
These things may be difficult to quantify compared to how many potential goals were saved, but Stathakopoulos has a point when he says we really should be applauding our defence team. Now, if you know how much you’ve saved your company but your company doesn’t, then read my blog on Security Geek vs Executive Board.