There is innovation outside of academia!

David Lacey has posted that he feels that the future of security lies in academia. I don’t agree entirely.

The reason being that I have been excited by the work done by HP Labs for example, particularly in the scope of trusted computing and the TPM module. Then Intel that have since 3-4 years been shipping chips with built-in security. I call it security bottom-up. From the top-down is products such as HP’s Arcsight, that can not only log everything that moves or not, but also correlate in a way so as to present otherwise unmeaningful data in a meaningful way via a compliance dashboard. This type of security is particularly interesting for military and any organization wanting to track (big or little brother) in an intelligent way everything happening within the boundaries of their world. Clearly this is against everything I believe in as a privacy advocate, but that is another post 😉

However I do understand where David is coming from. We are realizing that “ticking boxes” is not an effective way of proving you are secure, it doesn’t even prove you are compliant. All it does is shows you are following one or more processes that demonstrates “you have tried your best” nothing more. This is not the way forward.

The way forward is proving you are secure and this is only achievable by building security into the heart of everything digital, by doing this even the human-aspect of information security maybe obsolete in the future, especially as biometric form of authentication become more accepted, and contextual authentication key to achieving the vision of BYOD or what I prefer to call “any device anywhere” that is driving the type of security being implemented by some verticals such as telecommunications and healthcare today.

All of this is achievable today. Intel have as daughter companies McAfee and Nordic Edge. Both are, with the help of Intel building security at the “chip level” for their products. Go and take a look. Also check some posts I made in December, lots there on the cool security stuff going on in industry.

Back yet again

I was in the office yesterday early morning chatting with the only security lady that I recruited into the HP Nordics Security Consulting organization when we came to blogs. So I showed her virtual shadows and to my horror realized that nothing had been posted since December last year!

Time flys when you’re having fun! So what have I been up to? Well since beginning of August 2011 I have been building the HP security consulting business for the Nordics. We are from zero now 12 high calibre security consultants, and all extremely busy. We are still growing rapidly. It is rare I speak directly of my work in my blog, but this deserves a mention. We have in HP an amazing strategy to consolidate and grow our security business globally. Security is a part of HP’s DNA, so nothing strange here, but before November in 2011 we didn’t have it focused in a single business unit. Now we do, and it feels extremely good!

Hence if you are a security guy, looking for fresh challenges in an exciting environment, HP is the place to be. Believe me, I am not joking here 🙂