Thoughts from the IDC Security Roadshow in South Africa

Greetings from the IDC Security Roadshow in Johannesburg, South Africa! I am sitting here in the hotel lobby looking out at the Nelson Mandela Square listening to the explosive track from DJ Fresh – The Feeling (Ft. RaVaughn) (Metrik Remix), reflecting on the last couple of days and the discussions Ive had with various people.

I have been giving a few interviews and I was also presenting at the IDC security conference; my presentation is called The Diary of a Security Geek and it includes material from a one year long research project I have had. It basically contains observations made during these conferences and some really interesting facts on how security managers see IT security, how they prioritize and some interesting false perceptions on IT security and risks. I know that some of you might be interested in this research, so dont worry – I will publish my research at a later date and I will also be giving the same presentation on quite a few conferences around the world this year.

The presentation was very well received and I had some really interesting discussions afterwards. Maybe it is time to write another diary?

During the conference I also had the opportunity to listen to some interesting presentations. They included:

  • Mythbusting Converged Physical, Logical and Remote Access by Paul Anderson from Active Identity.
  • Stepping Away from Your Desk: Shifting Perspective And Going Mobile by Nader Henein from Research In Motion.
  • Security Privacy and Social Networking by Kovelin Naidoo from eBucks NFB
  • Securing The Next-Generation Enterprise by Ranjit Rajan from IDC

It was really interesting to see what some of the IT security companies out there are working on, and also some of the issues the CXO and other IT managers struggle with every day. Coming from a European country with fast Internet and suitable weather for building data centers, you get a different view on IT security.

When traveling the world and meeting all these interesting people it becomes really clear that IT security is not just a product, a service and a mindset; it can also be a cultural problem. For example, how do you enforce a security policy when people from different cultures simply have a different mindset on what constitutes confidential information, or about access rights? When, for example, the king of a country can make changes in the nations firewall rules? When certain religious views affect working hours?

IT security is not only a local problem for your organization, it is also a global problem because we are all connected with each other, and we rely on each others security. Im pretty sure that everyone who read this have heard about the saying: The security is only as secure as the weakest link. Today we share data with many different partners, and we simply have to rely on their security. To really build good security we all need to work together, share experiences and ideas. And speaking at conferences around the world provides a really good opportunity to share this information with everyone.

I had the opportunity to talk about this for a quick five minutes at Summit TV while I was down in South Africa. They have published the interview online and if you are keen to see it, just tune in here:

I hope to see you at a conference close to you and hear about your experience on this journey!

Thoughts from the IDC Security Roadshow in South Africa

Your email address will not be published. Required fields are marked *



Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Subscribe to our weekly e-mails

The hottest research right in your inbox