vCISO Smart Practices – Part 1: Enabling Success via Collaboration Infrastructure

The Internet of Things offers a tremendous opportunity for businesses to truly transform themselves by realizing the potential of data that is sitting, untapped, in existing infrastructures. The challenge to unlocking that data is the evolution towards a Secure Collaboration Infrastructure.

vCISO Smart Practices

This blog introduces our vCISO Smart Practices series, which kicks off with a fundamental discussion of the importance and value of human collaboration and teamwork as a foundational cross-discipline, cross-functional ‘Architecture Team’. We also offer an introduction to the blog author, Nige the Security Guy (@NigeSecurityGuy).

This blog series will later address a truly distributed security architecture that supports the Collaboration Infrastructure and applies Smart Practices to it as we evolve rapidly towards the new and exciting, yet challenging, IoT.

“Training often gives people solutions to problems already solved.
Collaboration addresses challenges no one has overcome before.” – Marcia Conner

Sharing and Reciprocity

Collaboration and sharing are sophisticated skills that ask people who work together to look beyond personal interests towards outcomes that benefit the whole. Collaboration and sharing are a great way to address complex challenges, since they have the potential to tap communal creativity, unleash true innovation and earn genuine buy-in.

Collaboration

Collaboration, at the conceptual level, involves:

  • Awareness – We become part of a working entity with a shared purpose
  • Motivation – We drive to gain consensus in problem solving or development
  • Participation – We participate in collaboration and we expect others to participate
  • Mediation – We negotiate and we collaborate together and find a middle point
  • Reciprocity – We share and we expect sharing in return through reciprocity
  • Reflection – We think and we consider alternatives
  • Engagement – We proactively engage rather than wait and see

Together we can build a safe and increasingly secure environment …

“Security done right is a business enabler that dramatically reduces total cost of ownership (TCO) providing a tangible Return on Security Investment (ROSI).

IT complexity and fragmentation replaced by an adaptive modular and flexible architecture enables agility and improves your competitive edge — so the business can refocus quickly as new opportunities emerge.” – Nigel P. Willson

People Process Policy Technology

A critical success factor in successfully deploying a collaboration infrastructure is orchestrated policy, focused resources and well-defined process that fully leverages and unlocks technology. As a creative, solutions-focused, charismatic and passionate security evangelist, Nigel Willson is available to consult as a Trusted Security Services Partner, collaboratively assisting organizations to iteratively improve and optimize their security as a virtual team member in the role of vCISO, IT Security Strategist and Architect.

Nige the Security Guy: Professional Profile

Nigel P. Willson
Principal Security Architect
AT&T Security Solutions

Nigel Willson is a Principal Security Architect at AT&T with 30 years of experience in Security Operations, Management, Research, Development and Security Services providing thought leadership, architecture/design and practical strategy.

Nigel has responsibilities as Security SME for AT&T's complex cyber security solutions across the portfolio of security consulting, managed security services and mobile security solutions.

He specializes in collaboration as both a Trusted Advisor and Virtual Chief Information Security Officer (vCISO) helping companies to evolve and improve their security capability maturity and posture in the following areas:

  • IT Security Governance, Strategy, Roadmap
  • Security Architecture & Design (including adaptive security architecture lifecycle)
  • Security Operations (including advanced threats, detection frameworks, defensible posture)
  • Threat Intelligence & Risk Management (focused on business processes)
  • Security Research & Analysis
  • Regulatory Compliance

AT&T Security Solutions is the AT&T Advanced Enterprise Solutions customer-facing security opportunity team. His participation is consistently solicited by AT&T teams and AT&T customers as both a Trusted Advisor and Security SME in both the private and public sectors. Nigel joined AT&T as a Practice Director, Security via the acquisition of Callisma (AT&T Consulting Solutions) in 2005.

Prior to joining AT&T, Nigel worked as a Practice Director, Security for Avaya Converged Security as well as TCS America responsible for the development of discrete security consulting services and leading teams of security consultants. He previously worked as the Director, Security for The Walt Disney Company focused on global Internet Security for 27 business units including ABC, Disney On-Line, and ESPN.

Nigel is a former assembler programmer and reverse engineer (ethical hacker) with a diverse international background. He has worked on U.S. DoD projects developing security products and technology for the World-Wide Military Command and Control System (WWMCCS) and Military Airlift Command Deployment Flow (MACDF).

He is a published author of many security guides, books and magazine articles and currently operates the security-focused NigeSecurityGuy blog, providing impartial practical advice and methodology on security architecture, assessments and advanced persistent threats (APTs). Nigel also operates the ‘Solving the APT Defense Puzzle’ group on LinkedIn, a reference library of useful research and topics.

Nigel was recently selected as a finalist in the InfoSec Europe 2014 Security Bloggers awards and was invited to publish an article on Leveraging Security as a Business Enabler.

Nigel’s passion is taking blog readers Back to Basics to focus on key security principles to develop a strong architectural foundation (Security Architecture Series) and from that add advanced threat defense (APT Strategy Guide) as well as security operations optimization (NG-OPS Strategy Guide).

“Never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has.”

Background Summary

  • International Background — 30 years of international experience gained as a security expert across England, Australia, France and the USA.
  • Strategic Architect – Cloud-Orientated Architecture, BYOD, Mobile, Security Operations, Risk, Intelligence, Analytics, Metrics, Visualization – Situational Awareness: Detect, Contain, Investigate, Eradicate, Recover
  • Director, Security @ Disney – Establish strategic architecture team, develop successful proactive security management program.
  • Published Author – Author and co-author of many security guides, books and magazine articles.
  • Security Consultant — 15 years of thought leadership and strategy experience consulting to Fortune 500 companies.
  • Security Engineer – Developed new security protocols and products for U.S. Department of Defense (DoD), e.g., MACDF and WWMCCS. Used in Gulf War. Worked on multi-level security and covert channel prevention.
  • Reverse Engineer – Original assembler programmer, ethical hacker and reverse engineer who could analyze code and manipulate any technology, protocol or system.
  • Awards Plaque: AT&T April 2008: In Recognition of Unwavering Commitment, Steadfast Leadership and Outstanding Performance on the California State University ITRP program.

Thanks for your Interest!

Nige the Security Guy.

NG-OPS Strategy Guide: Navigating the Next Generation Security Operations Ecosystem

In today’s threat environment the only constant is change. In fact, everything is changing – the way our users work, the types of adversaries we face, and the techniques hackers use to infiltrate our networks. Threats have become more sophisticated than ever, bringing new risks and uncertainties that require more visibility in operations — hence a Next Generation Security Operations mindset.

This NG-OPS Strategy Guide introduces a new blog series on the Next Generation Security Operations Ecosystem to build upon and complement our prior blog series, which are as follows:

  • Security Architecture Series
  • Security Program Best-Practice Series
  • Security Assessment Series
  • APT Strategy Series

Disruptive Shifts and Converging Trends

The past few years have set the stage for some disruptive shifts in network security operations. These shifts are driven in part by the rise of BYOD, mobility, virtualization and the cloud, which have resulted in a new level of complexity and fragmentation with distributed systems.

Occurring in tandem, the proliferation of applications and infrastructure services inside the organization requires holistic organization into trust zones based upon risk and classification (see Adaptive Zone Defense), as well as greater policy orchestration, management and visibility across access boundaries (inter-zone).

Next Generation Operations

The ability to translate complex business and organizational goals into a set of automated data center workflows is critical to avoid slowing down the application delivery process. It is also an essential part of making compliance and security requirements a lot easier to manage in a very dynamic environment. Network security needs to transform into agile, adaptive, end-to-end automated processes. This requires a systems approach to thinking about network security.

“The threat can be broken down into three components: intent, opportunity, and capability.
Organizations need to know, ‘What is the intent of adversaries? What are the opportunities available to them?
And what capabilities do they have to exploit the opportunities?”

Felix Mohan, Senior Vice President and
Chief Information Security Officer, Airtel

The delivery of an application can trigger a cascading series of actions to ensure that the application is delivered efficiently and in compliance with any regulatory requirements. Next-generation firewalls (NGFWs) now provide the ability to implement policies based on applications, users and content, and they can provide the appropriate hooks for automation and orchestration solutions.

These disruptive shifts and converging trends have fused application and network layer functions, causing a fundamental reset of the security operations function.

  • Organizations need to shift more security resources from preventing intrusion toward rapid detection and response
  • Improving detection and response requires an intelligence-driven context-aware security approach
  • Optimizing how security technologies, resources and process work together is pivotal to scaling security capabilities
  • Automation frees up analysts to focus more on higher priority risks affecting the most critical assets and data
  • SOCs need to build collaborative cross-disciplinary teams with highly specialized skill sets to combat advanced threats
  • Evolving security operations optimizes the interplay of people, processes and technologies to enable rapid response
  • Orchestrated management of network infrastructure will be embraced as the next big thing
  • The rise of DevOps drives much needed convergence between security and IT operations to add security by design
  • Increased need to automate and optimize security operations to more effectively leverage resources amid a skills shortage

Reducing Operational Overhead

A lot of analyst time is typically wasted analyzing false positives generated by technology that has not been correctly baselined, customized, tuned and optimized. Depending upon the environment, false positives can be numerous and very difficult to verify, costing analysts valuable time determining whether or not something is an event they should be worried about.

The tenets for this Next Generation Security Operations series are simple:

  • Increase visibility across the enterprise to identify active threats quickly
  • Understand the business impacts to better respond
  • Utilize resources to the fullest

“People in the SOC need ways to react faster and better — they need ways to improve the efficiency of what they do.
They need ways to reduce the amount of time between the onset of an attack and the time it’s stopped or remediated.”

Rich Mogull, founder of Securosis

NG-OPS Ecosystem

In order to help organizations reduce operational overhead, the NG-OPS Strategy Series currently includes the following blog articles (topics will be added as the theme develops and evolves):

  • NG-OPS SOC Version 2.0: Build a Next Generation Security Operations Center to protect critical assets
  • NG-OPS Evolving a SOC Team: Building, Nurturing and Evolving Security Operations Staff
  • NG-OPS Operational Maturity: Migrating from Reactive to Dynamic Defense and Cyber Resilience
  • NG-OPS Automation & Orchestration: The Next Big Thing: Automation and Orchestration
  • NG-OPS Threat Modeling: Manage complex systems using a structured methodical framework
  • NG-OPS Risk Management 2.0: Shifting focus from technical assets to critical business processes
  • NG-OPS Smart Telemetry: Leveraging 3 levels of telemetry: End-point, Gateway and Infrastructure
  • NG-OPS Security DevOps: The critical convergence of security and IT operations with DevOps

Please feel free to propose additional topics and/or vote for which topics should get published before the others.

This new NG-OPS Strategy Guide builds upon and enhances the current APT Strategy Guide introducing a whole new set of topics into the framework.

[Figure: APT Strategy Maps – APT Strategy Guide Framework]

Conclusion

The era of advanced threats calls for a new approach to information security. When dedicated cyber adversaries have the means and methods to elude commonly used defenses, such as signature based detection, it is clear that conventional approaches are no longer sufficient.

The need for a Next Generation Security Operations mindset is evident across the industry. Technologies will continue to improve, but in parallel we also need to evolve and improve our security processes as well as our invaluable resources and skills. Attackers are constantly evaluating their methods and improvising new techniques. Defenders must think in those same fluid terms to keep pace.

The value proposition for a Next Generation Security Operations program includes improved security, resource utilization and cost-effectiveness. Together with increased visibility and vigilance, defensive strategies can be precisely aimed at addressing the most significant threats and protecting the most critical assets and data. By leveraging automation and orchestration, the security team will have the knowledge and the cycles it needs to make informed risk decisions and invest in the right security controls.

Orchestrating People and Process with Technology

Many enterprises are looking toward third-party security services to help them handle some elements of their defense. But that doesn’t mean the expertise of the SOC staff will become less important. In fact, most experts agree the next-generation security analyst will have to be smarter than ever. The security staff of the future will need expertise not only in the domain they’re defending, but also contextual expertise to determine what combinations of events might present a threat. On top of that, they will need analytical expertise so that they can determine the source of the threat — and how to stop it.

Thanks for your interest!

Nige the Security Guy.