Security Bytes

May 29 2007   9:20AM GMT

Security researcher shocked at CIO, CISO grasp of security concepts

Robert Westervelt Robert Westervelt Profile: Robert Westervelt


How knowledgeable is your CIO or CISO about the latest security technologies or even the most basic security concepts?

Writing about her recent experiences speaking at several security conferences, security researcher Joanna Rutkowska, said in her Invisible Things blog recently that she was shocked at the level of understanding many CIOs and CISOs had about basic security concepts.

Rutkowska keynoted at the InfoSecurity conference in Hong Kong. Her central message was that “technology is just as flawed as the so called ‘human factor,’ understood here as a user’s unawareness and administrator’s incompetence.” Rutkowska said that although it was the least technical presentation she’s ever given in her life, it was still perceived as too technical by the audience.

“And I didn’t even mention any specific research I’ve done – just some standard stuff about exploits etc…,” Rutkowska wrote.

In a discussion panel after the keynote, Rutkowska observed that some CIOs and CISOs were naïve to many basic security concepts.

I’m sure some upper level IT pros go to security conferences to gain a higher level of understanding of security technologies. But if you’re going to be a presenter or taking part in a panel discussion, you should probably have a basic level of IT security knowledge. Do CIOs and CISOs have an agenda when they take part in a security conference or are they really there to give attendees insight on ongoing IT projects?

Technorati Tags: , , ,

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: