#GSXPLUS

Fresh Ideas and Insights from GSX+

By Luann Edwards

In this “new normal,” security professionals are facing changing physical spaces, greater “attack surfaces,” hybrid work environments with employees, and cyber criminals who are bored and more active than ever. GSX+ keynotes and sessions were rich with insights, new techniques, and fresh ideas. Here are just a few:

Start with people.
While technology, cyber security, and physical security are all important, people are always at the center. As Moore and Boulgarides shared in their session, “The Real Story of How Analytics Affect Physical Security,” building relationships with your counterparts outside of the security function helps you understand their motivations and deliver value across the organization.

As Keren Elazari noted in her keynote, “The Future of Cyber Security,” employees have become the chief technology officers of their own environment. Reminding them of security procedures at home can help them protect their own “personal digital republic.”

Insights are waiting to surface from the data(base).
We learned in the analytics session that there are solutions that we haven’t even considered from security systems data. Those insights can be surfaced through machine learning, where the analytics technology can answer questions, point to trends or suggest solutions through sophisticated analysis.

Edward Ahaeb, in his session about “Online and Social Media Investigations,” shared some of the unexpected places where information can be found online. A simple reverse-image search using readily available cloud-based tools can reveal the origin of an image and where that image also appears online. Conversely, readily available online data can reveal more than anticipated, something – as he noted – that should be considered as part of executive vulnerability plans.

Hackers can be for good.
The term “hacker” comes with some negative baggage, but there are so many hackers who use their talents for good. Keren Elazari’s keynote session, “The Future of Cyber Security,” introduced participants to the concept of the “friendly hacker,” of which, “thousands … are stepping up to help.” That takes the form of voluntary movements – such as the CTI League – and “bug bounty programs.” In Elazari’s words, these are the “cyber immune systems” that organizations are taking advantage of to find vulnerabilities. And hacking for good can come with a solid financial benefit – a quick web search shows compensation could be as much as US$50,000 a month.

Innovation happens during a crisis – for good or bad.
The fact that the term “malware economy” exists shows that cybercrime has become mainstream. As Elazari said, the cyber criminals haven’t wasted a good crisis with the COVID-19 pandemic. She noted an increase in the volume of submissions of vulnerability reports because of the free time that the pandemic created for hackers.

Her advice? Learn from the hackers, consider their techniques, and take on a continuous learning approach. Adapt and evolve – just as they are! Understand how much your employees are invested in cyber security – and work to make it equal to the vigilance they would afford physical credentials such as an access key card.

Boulgarides noted in the analytics session that a number of security systems that provided the typical data could also be repurposed to help with COVID-19 related protocols. Examples are to use access control systems and mobile credentials to monitor flow; video analytics to gauge mask-wearing compliance and to develop heat maps for cleaning protocols. This provides an opportunity for security professionals to expand the value of their data beyond security and to meet the needs of the new world of living and working during a pandemic.

Social media has value, despite downsides.
Ahaed’s session focused on the wealth of information online that is available for investigators, including social media content. And there’s no question that social media can be filled with misinformation and unhelpful noise. But, as Elazari said, “don’t throw the baby out with the bath water.” Social media is a tool to connect, learn, and grow professionally. My own advice as a practitioner in this space aligns with that: Take what’s good, filter out what’s not. Curate your feeds. Know your settings. Ensure that you’re seeing what is helpful for you and filter out the rest. Use social media for connection and conversation, especially as we are not meeting in person.

If I had to distill my takeaways into a few messages, it would be:

  • Think outside of the traditional framework for all facets of your work.
  • Learn from the “bad guys” and partner with experts who do similar work for good.
  • Adopt a learning mindset; never stop seeking knowledge and growth.
  • Connect with your fellow humans! This is more important than ever.

These sessions, and all of the GSX+ sessions, are available on-demand through December 31st, 2020 for All-Access pass holders.

Luann Edwards is a social media marketing consultant and blogger. She is the founder of Socially Professional, a social media marketing consultancy, based in Providence, Rhode Island, USA.