This talk describes how/why system owners need to start taking responsibility for their own security. The fact that my city has a police department does not mean that I don’t lock my door or that I am not vigilant about my own property. Sadly, in IT today, this has gotten lost. Systems are breached for weeks/months at a time with no one knowing that it is going on. This year, globally there will be over a million INFOSEC positions that need to be filled. The fact is, there are not a million IT professionals looking for work, much less INFOSEC. We can add more eyes and intelligence to the challenge by enlisting system owners to take SOME responsibility for their own security.
John Smith has 18 years in IT, 16 in the enterprise before going to the vendor side. Unlike a lot of your speakers he is, in fact, NOT an INFOSEC practitioner. He does consider himself and have throughout his career, a person responsible for security. As security teams have evolved, system owners themselves have all but absolved themselves of taking any responsibility for their own security. He wants to change that!