Cyber Pros Join Together for a Night of Classic Rock
In conjunction with the AWS re:Inforce conference last week, ESG hosted an evening of classic rock, where we invited our clients to join us on the stage at the Hard Rock Café Boston for a classic rock jam night. While a few of the musicians knew each other, most did not, yet they jumped right in to perform tunes from bands like Led Zeppelin, Billy Squier, Pat Benatar, AC/DC, and many more.
The evening got me thinking about the challenges that we all have in front of us as we strive to apply technology in a way that ultimately protects the world’s data, assets and infrastructure against the ever-present growing cyber threat. In the security industry, we have so many talented individuals working tirelessly to build and deploy security solutions, all focused on a common objective – to keep the world safe from cyberattacks.
Similar to the way so many companies are focused on providing cybersecurity solutions that work together to help secure companies around the globe, at the Hard Rock we had guitarists, drummers and vocalists (many of whom had never met) from many different companies join together on stage to create an amazing evening of rock & roll. And while many of the musicians who performed were talented and accomplished, by coming together, they were able to create a more comprehensive sound that seemingly exceeded what each could have performed on their own.
Why is it that we have so many talented cybersecurity people working separately to fight off the attacker? It is almost as if we are all so focused on the commercial aspects of the cybersecurity business, we are failing to see the potential to serve the greater good of the world by opening up our ideas in a way that enables us all to work more collaboratively to beat the adversary. Competition is surely a good thing, driving innovation and operational excellence, but do we really need 20-30-40 cybersecurity vendors all competing and trying to solve the same problems?
CISO Summits help defenders share ideas and stay current on how organizations are protecting themselves, but they don’t create an environment where thought leaders can collaborate on building better core defense capabilities. The Intelligence Network, started by BAE Systems last year is another great effort aimed at pulling researchers and businesses together to collaborate on the broader cyber agenda, helping people better understand and share knowledge about current threats and how to respond to them. Again, helpful, but it doesn’t formalize a process to build better core defenses.
We can do better. Image if we could bring together the top 50 CTOs from the leading cyber tech companies into a think-tank environment where they could operate as a team, sharing their ideas to come up with a broad plan on how each could contribute their individual company’s expertise toward solving the broader issues. We have an open source culture already in place that can enable organizations to carefully open up enough of the core IP in a way that can enable each company to spend their energy on the truly unique aspects of protecting us. Yes, there are already several open source security projects, but none have achieved the level of cooperation to leverage the true power of the cyber-brain-trust that exists in the world today.
I’m not saying that this team would come up with a single project that would be a silver bullet, but instead become a working group that would spawn ideas and projects that we could work on together--projects that would allow the many talented people that are already focused on their own, individual solutions to work more collaboratively.
There is plenty of room in this market for commercial companies to win big and still work together. We need to lay down a foundation that all can build upon--a foundation that can supercharge threat intel, defensive strategies and tactics, and collaboration among those who are working so hard to defend their individual companies and assets, and a foundation that can enable innovators to excel and bring new ideas to market.
If we can come together with events like Live Aid in the music industry, why can’t we work together in the security industry on behalf of the greater good of protecting the world we live in from the massive and growing cyber threat that is impacting businesses, health care, infrastructure and governments? I’m going to suggest we start with an industry leader summit, where we bring together an initial group of thought leaders to begin the process. It won’t happen overnight, but if we don’t start the process, it will surely never happen.
What do you think? Is this a crazy idea?