Meeting of the Minds
Adam Shostack and Andrew Jaquith take on three critical questions about the direction of the information security field.
By Bill Brenner, Senior Editor
February 15, 2010 — CSO —
Adam Shostack is co-author of The New School of Information Security, security specialist at Microsoft (though he doesn't speak on behalf of Microsoft here) and ringleader of the popular Emergent Chaos blog. Forrester Research senior analyst Andrew Jaquith is former senior project manager at Symantec and former program director and cofounder of @stake.
Cybersecurity Coordinator: Can Schmidt Get the Job Done?
Shostack: Howard Schmidt as White House cybersecurity coordinator. What are your first impressions?
Jaquith: I have two thoughts on this. The first is that the position has been notoriously difficult to keep people in. You saw what happened with Amit Yoran and Melissa Hathaway. It's a tough job with tough expectations and very little authority, so I'd say congratulations to Howard. I'm glad he's stepping up and I think he is someone with a stature and a pedigree. He's done the job before. I hope he will take some of what he learned during his first go-around and apply it in his second go-around. But fundamentally it's a pretty tough job and I find it hard to believe that anyone could fulfill the expectations of the role given the tools available to him.
My second thought is that Howard needs to clue up a little bit in terms of some of his current thinking. I did see the predictions he expressed [in the article "Ten 2010 IT Security Predictions"] and I think it's great that he has a perspective. On the other hand, a lot of the things he voiced weren't so much predictions as much as they were concerns. "We're concerned about social networking." Well, sure, we've known that for a while. "We're concerned about smart phone malware." I would argue that this is a tempest in a teapot and something that will never come to pass in the way most security vendors and security practitioners think it will. But, you know, good for him for expressing an opinion about something that's been expressed before. To me, though, there just wasn't much by way of real forward-looking predictions. I think he's fighting many of the last wars in 2010, and I'm hoping we can get a little more vision out of Mr. Schmidt.
Shostack: Yeah but come on, isn't that what security professionals always do? Fight the last war?
Jaquith: (Laughing) Well.
Shostack: The response is always, "SSL and firewalls, SSL and firewalls."
Jaquith: That's true. We do tend to fight the last war. We're rarely out in front of the next one. There's very little reconnaissance happening. What do you think of Howard's elevation?