Introducing: Tales From the Cybersecurity Front
August 30, 2021 | 12:15 - 1:15 pm | Zoom Webinar
On August 30, the Strauss Center kicked off a new cybersecurity speaker series titled “Tales From the Cybersecurity Front” with an opening talk by Wendy Nather, who will curate the ongoing series. Nather is a Senior Cybersecurity Fellow at the Strauss Center and has worked in many cybersecurity roles at CISO over the course of 25 years. At the beginning of her remarks, Nather noted that the aim of this series is to tell stories from the cyber world that folks might not typically hear due to the apprehension surrounding the disclosure of breaches. Nather then moved to explain what people need to know about implementing cybersecurity in the real world, noting that major breaches are usually traced back to a seemingly insignificant trigger. She noted that many cyber weaknesses boil down to the issue of cost burden, leading to many tradeoffs which cyber experts must accept to achieve a company’s goal.
Nather then addressed the question: “Why does it take so long to fix a vulnerability?” Nather first discussed the challenge of business barriers, noting that CIOs typically don’t have additional staff on standby to fix vulnerabilities. Legacy systems, she noted, are hard to remedy, and often the people who originally set up those systems have moved on. Nather also emphasized that remediation is more than a simple code change, and security experts have to prioritize fixes, making many judgement calls along the way. Nather also discussed the WannaCry ransomware attack, highlighting three typical remediation barriers: there are long recertification times, vendors often control the affected systems, and systems are sometimes non-patchable. Nather then described the ways in which company culture can affect a cyber expert’s ability to ensure security, providing the example of a hotel’s preference for not interrupting a guest’s virtual booking experience. Nather concluded by noting that while these differing views of probability and risk may be a bit shocking, they are endemic in the cyber realm. During the Q&A session, Nather fielded questions on a range of topics including industry-specific standards, IoT devices, the spread of bug bounty programs, cyber insurance, and quantum computing. See the full conversation below.
Wendy Nather leads the Advisory CISO team at Cisco. She was previously Research Director at the Retail ISAC, where she was responsible for advancing the state of resources and knowledge to help organizations defend their infrastructure from attackers. Wendy was also Research Director of the Information Security Practice at independent analyst firm 451 Research, covering the security industry in areas such as application security, threat intelligence, security services, and other emerging technologies.
Wendy has served as a CISO in both the private and public sectors. She led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), as well as for the Texas Education Agency. Wendy is co-author of The Cloud Security Rules, and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014, as well as an “Influencer” in the Reboot Leadership Awards in 2018; she was inducted into the Infosecurity Europe Hall of Fame in 2021. She is an advisory board member for the RSA Conference, and serves on the advisory board for Sightline Security, an organization that helps provide free security assessment services to nonprofit groups. She is based in Austin, Texas, and you can follow her on Twitter as @wendynather.