Recently the ACDS team exhibited at the National Cyber Security Show in Birmingham. I’m no stranger to trade shows, having attended as both a buyer (in my time working at The White House) and an exhibitor. I’ve seen both sides and, with them, the good, the bad and the ugly. So, what were my key takeaways from the event?
Openness: An Equal Playing Field
When it comes to shows, there can sometimes be a reluctance to engage with vendors for fear of getting trapped by an eager or overbearing salesperson. From a vendor point of view, there’s a worry that you’ll end up speaking to the wrong people. The NCSS assuaged these fears.
I was particularly struck by how open and engaged people at the event were. Attendees wandering the show floor would come to our stand to have discussions with us and ask questions about Attack Surface Management. Not only this, but attendees of all seniority would engage with us, from CISOs to new starters.
The show really allowed us to engage and share as practitioners in our field, as opposed to merely vendors and attendees: practitioners who bring their own experiences and backgrounds with them, no matter who they’re representing now. The conversations felt very human.
At our stand we also debuted our brand new ASM OBSERVATORY video, which you can find here.
The Question: How Do You Get Middle Management to Take Cybersecurity Seriously?
During our conversations with the attendees, the most frequent question was: How can middle management and senior staff be convinced to prioritise cybersecurity? People need simple, professional ways to present this often intangible topic to the board.
Specifically, management reports need to quantify risk in a way that’s easy to understand and process, whether that’s an industry-recognised score or a monetary amount. Presently, there is no agreed industry-wide standard for ASM risk.
The Future of Cybersecurity: Quantifying Risk
Business leaders need a verifiable, transparent and consistent way of quantifying ASM risk. But what might this look like? Only time will tell (watch this space). Ultimately, we need a way to meaningfully summarise cyber risk, perhaps using gamification (for middle management buy-in), informed by real-time data and an understanding of why cyber (and risk) are important.
We must avoid creating a false sense of security by misrepresenting data. Only the latest technology can inform such a venture.
Overall, the show was great. The depth of conversation was impressive, and the openness of attendees made the event particularly compelling.
To see what we got up to at the event, watch this video.
At CYBER UK this week? I’ll be there too! Make sure to stop by and talk to us about all things ASM.