Our latest two-minute interview features Chris Blow, Senior Advisor at Rook Security. Chris is a Qualified Security Assessor with over 15 years of experience focused on information security, social engineering, and the payment card industry. At Rook, Chris executes projects addressing everything from regulatory compliance to penetration testing, digital forensics, and red team testing. Prior to Rook, Chris was a Director at Pondurance, a Senior Security Engineer at Teradata, a Director of Global Security at Ingram Micro Mobility, and an Information Security Architect at United Healthcare. He has also held contractual positions with various U.S. government agencies and is a proud alumnus of Purdue University’s College of Technology.
- What do you view as the single biggest barrier to good security practice in the modern enterprise? It’s a roadblock that I’ve seen for years: the lack of a proper vulnerability management/risk management program. I still see corporations trying to get a good grasp on their “known knowns,” but they’re still in a reactive state and don’t really have a great plan in place to transition to a more proactive program. Maintaining this status quo still leaves “known unknowns” and “unknown unknowns” in the dark until is brought to light – usually by something or somebody malicious. A great vulnerability management program should start with in-depth classification of data and systems paired with the information security team(s) truly understanding the business they’re trying to protect.
- What’s the most exciting thing happening in the security field today? I’m really pleased to see that the insecurities around the Internet of Things is finally gaining some traction. I think that many people take this type of technology for granted and the companies creating these technologies haven’t had their feet held to the fire from a security standpoint. I’m really excited to see what’s coming down the line to help keep corporations’ and consumers’ Internet-connected technologies safer in 2015.
- What advice do you have for people looking to enter the field? Be passionate and don’t ever be afraid to question anything. This field is changing every second and you’ll be learning something new or sometimes you’ll be learning about something “new” that was relevant a decade ago that still exists. Everybody is still learning and not one person knows everything; make the effort to befriend other like-minded folks in our field. If you don’t have a lab built for research and development, I highly recommend building one. It can help with many of those “what if?”-type questions and allows you to answer the questions yourself and keep your skills sharp.
You’ll find our previous two-minute interview with Matt Devost here.