CSO - With a resume that includes certifications, several books, and frequent speaking and guest columnist gigs, Ira Winkler is a recognized leader in the security industry today. Currently president of the 10,000-plus member Information Systems Security Association, Winkler is also president of consultancy Secure Mentem. Not bad for a guy who majored in psychology and says he wanted nothing to do with computers in his college days.
How did he get from there to here? "No one else would hire me but the U.S. government," says Winkler jokingly. In truth, he took an aptitude test on a lark while considering career paths senior year and discovered to his surprise he had a flair for the technical.
After gaining the requisite clearance, he took a job as an intelligence analyst with the National Security Agency. Winkler quickly realized that jobs working with computers paid better than those that did not, so he grudgingly took a position as a computer science intern, taking computer classes and having rotating assignments that included programming support for cryptanalysis, system development, and field operations, where he spent three years. His background in intelligence taught him one thing: No one cares how you get the data, it's the data itself that's important.
This lesson served Winkler well in subsequent years, during which he hacked corporate information through unconventional means such as bugging the office of the Fortune 10 CEO, who hired him to do penetration testing. His goal was to get to the heart of the business value of a security breach, which is a much more relevant description to a business executive than the typical security terms, he believes.
With data gathered through social engineering, computer hacking, and the bugging, Winkler walked into the executive's office and reeled off detailed information about the company's mergers and acquisitions and products under development.
"I said, 'I have here everything you hold valuable to your whole company.' That put a business value on it. He bumped up the security budget by $10 million and hired security officers."
"Executives don't care if you get on their network," Winkler says. They figure other outsiders are probably on there already and it hasn't hurt their business any. What's relevant: the cost to the business, in dollars, of any past or imminent loss due to that security breach. Of course, proving your cost estimate is accurate is easier said than done.
In business, every decision requires a balancing act. In a perfect world, everyone would ensure that their networks were free from intrusions from foreign governments such as China, which is the main offender of late. But of course, that's not always how it works out.
"They want to do business with China, so they're willing to accept that some of their data will be lost in exchange for a larger portion of the Chinese market. It comes down to understanding the business risk: Here's what we are preventing and here's what it's going to cost to prevent," Winkler says.