Five experts on various aspects of cybersecurity shared their thoughts, insights and suggestions about operating in the cloud during the Knoxville Technology Council’s (KTech) “lunch and learn” yesterday.
It was the newly-launched KTech’s third event this month that started with the PolitiCode educational session on Election Day (click here to read our coverage in teknovation.biz.) Brandon Bruce, one of the organizers of the new group, said several additional sessions on various topics will be announced soon.
During yesterday’s nearly two-hour workshop at the Joint Institute for Advanced Materials building at the University of Tennessee Research Park, the five panelists shared a variety of experiences dealing with cyber planning and preparation as well as what to do when a breach occurs.
“Perfect security is impossible,” said Stacy Prowell, Chief Cybersecurity Research Scientist at Oak Ridge National Laboratory. Among his many accomplishments was work on a system for deep analysis of compiled software led to the Hyperion system which received a 2015 “R&D 100 Award” and two awards for technology transfer.
Prowell was joined on the panel by Micki Boland, Global Cybersecurity Engineer for Check Point Software Technology Ltd.; Scott Harris, Senior Systems Engineer at Proofpoint; Nick Sweet, Vice President for Managed Security Services at Avertium; and Chad Waddell, Solutions Architect at InfoSystems.
I was reminded of the admonition to “plan your work and work your plan.”
All of the panelists referred in one way or another to the critical importance of having a well thought through data security plan as well as an Incident Response Plan (IRP) in the event of a breach. Routinely testing the IRP was a universal recommendation, perhaps through something Boland described as a tabletop exercise.
The 50 or so attendees also heard Harris share a personal experience from several years ago when a previous employer experienced the dreaded breach. It occurred about a year after the company started moving its data to the cloud.
He recalled receiving a text message one afternoon notifying him of the breach. “I haven’t been the same since then,” Harris said of the experience that consumed the next eight months of his life to fully resolve all issues that came from a single email dealt with improperly. “I slept four hours in about six days. It’s bigger than just money and data. It affects you personally, your team, so much more.”
Harris’ advice was direct.
“Get it (your security plan) right, or they will steal your stuff,” he emphasized. “Slow is fast. Don’t ever, ever think you have to get there (transitioning to the cloud) today. The faster you go, the more likely you are to make mistakes.”