Chris Nickerson: Bring a bit more Zen to cybersecurity

Chris Nickerson is CEO of Lares, which focuses in hyper-competitive areas of cybersecurity like penetration testing, red-team testing and adversarial attack modeling.

But delivering the closing keynote at UNITED2016, the Rapid7 Security Summit in Boston this week, he came across as more Zen master than battle-tested general.

Nickerson never actually said the “Z” word. But he said real empowerment in cybersecurity isn’t a matter of being “bullied” into a decision by charts, graphs and data sets, but from freedom to choose.

In his view, there is a vast difference between choosing and deciding. “One of them – choosing – has freedom,” he said. “Deciding is totally different. I’ve been bullied by data sets around me into decisions.”

This awakening came courtesy of a torrential rainstorm in China, while he was walking with a friend. His friend was fuming at getting soaked by the downpour.

[ MORE FROM UNITED2016: Protection of white-hat hackers slow in coming ]

“I asked him, ‘Is it the rain that’s hurting you and making you mad, or is it just you?’” he said, noting that instead of telling his friend to lighten up, “I was just taking the data points around us, bringing it down to what it was,” he said.

“And after that we had a great time. We were walking through the rain, soaked, and laughing. It wasn’t my words. It was the transition to not feeling held hostage by the data. We were free to make a choice.”

That, he said, should be applied to the intense world of what his company does – risk assessment, penetration testing, application testing, social engineering, red-team testing and adversarial attack modeling.

“We spend all this time fighting hackers,” he said, adding that the overwhelming number and variety of attacks can burn out defenders. Instead he said, “we don’t need charts and graphs to know it’s ‘raining’. We just need to choose to deal with it.”

Nickerson confessed to having played the “data bully” in the past. “How many times have I bullied people into decisions? I was robbing people of freedom to choose,” he said.

A more effective approach is to take note if the data is leading somebody to a particular conclusion. “If it is, get out of the way and let them choose,” he said.

“Feeling able with our mind, heart and soul to choose what we’re going to think and do is really powerful – really profound,” he said.

He also urged his audience not to feel like they have to stop every attack. “This is a long game,” he said, “and sometimes you feel like you’re not going to change anything.

“But the answer isn’t to stop it (the attacks). Be present in those moments when you know you don’t have the power. And then remember that rain is just rain.”