BSidesSF preview: Letting someone else's phone ring at 3 a.m.
At a NAISG meeting awhile back, my friend Andy Ellis, CSO of Akamai, gave a talk about building an incident management program that cuts chaos down to a minimum. At BSidesSF next week, he'll give an updated version of the presentation.
His talk is scheduled for 5 p.m. Monday.
We chatted about it by phone Friday morning, and I started with the obvious question: Why doesn't his phone ring at 3 a.m. anymore?
"Because I hired someone and told him his success would be judged by how little my phone rings at 3 a.m.," Ellis said. "I always have someone on call who is amazingly competent."
The breakthrough comes when the CSO stops trying to keep bad things from ever happening and instead builds a program around the expectation that things will break from time to time.
"Things are going to break," he said. "If you don’t plan for incidents then incidents will plan for you. You’re always caught with your pants down in that scenario. You need to have really smart people, give them the authority to deal with the problem and then get out of their way."
Call it Ellis' "Breakable But Effective" security to Larry Ellison's "Unbreakable" security, which, as we know by now, is very breakable.
We're just admitting the breakable part now, and admitting the problem is the first step in solving it, right? ;-)
--Bill Brenner
Print
His talk is scheduled for 5 p.m. Monday.
We chatted about it by phone Friday morning, and I started with the obvious question: Why doesn't his phone ring at 3 a.m. anymore?
"Because I hired someone and told him his success would be judged by how little my phone rings at 3 a.m.," Ellis said. "I always have someone on call who is amazingly competent."
The breakthrough comes when the CSO stops trying to keep bad things from ever happening and instead builds a program around the expectation that things will break from time to time.
"Things are going to break," he said. "If you don’t plan for incidents then incidents will plan for you. You’re always caught with your pants down in that scenario. You need to have really smart people, give them the authority to deal with the problem and then get out of their way."
Call it Ellis' "Breakable But Effective" security to Larry Ellison's "Unbreakable" security, which, as we know by now, is very breakable.
We're just admitting the breakable part now, and admitting the problem is the first step in solving it, right? ;-)
--Bill Brenner
Previous Post: BSidesSF preview: Selling security without selling your soul Next Post: Lessons of the HBGary Hack
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
