Our two-minute interview series continues with a true security visionary, Matt Devost of FusionX. We’ve known Matt for years and are big fans of his ability to articulate security challenges and solutions. We asked Matt three questions, and here are his responses:
- What do you view as the single biggest barrier to good security practice in the modern enterprise? Many organizations have not developed an approach for engaging in risk management. Good security practices need to developed within the framework of a comprehensive risk management program otherwise you end up failing to adequately address threats or spend too much money managing inconsequential vulnerabilities. To develop a risk management strategy you have to understand your vulnerabilities and their exploitation impact to your organization, but you also need to understand the threat and the operational consequences of any remediation strategies. Unless you are looking at each of those components, you aren’t managing risk.
- What’s the most exciting thing happening in the security field today? I’m really excited about the investment that is being made in new defensive technologies like behavioral analytics and machine learning. We won’t see the benefit of those technologies for years to come, but it is exciting to see money being invested in innovation rather than in making stale technologies incrementally better.
- What advice do you have for people looking to enter the field? I always encourage folks to invest time in self-guided learning and experimentation. If I’m interviewing technical red teamers, I’m always going to favor the person who cobbled together a lab in their basement over the person who has professional certifications. If someone is obsessed with figuring things out on their own, they’ll likely make a great member of a red team.
You’ll find our previous two-minute interview with Matt Branigan here.