• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Automate security or face the wrath of millennials

May 2, 2016 by Andrew Plato

millennials and security

Copyright: 123rf/adiruch

The following is a guest post by a 2016 Secure360 Twin Cities Gold Sponsor Anitian. 

Like it or not, Millennials will dominate the workforce of the future. Right now, Millennials comprise about 38% of the workforce, and by 2025, that will rise to 50%. For the past year, Anitian has been researching the impact this trend will have on workforce development and information security. This post is the beginning of a series of articles, blog-entries, and presentations Anitian will produce based on our research.

Our research shows that few companies are prepared for this change. Among the many issues we have identified, the expectation of automation is one of the most disruptive issues for information security.

The Millennial generation (and to some extent GenX) has come of age in a world of ubiquitous Internet access. Moreover, they have also grown up in a world where significant aspects of their lives are automated.

Consider an obvious example: Google. Prior to the 1990s, if you did not know something, you had to go to a library or search through a book. This was time consuming, which meant you were motivated to remember whatever you looked up. Google changed all that. It put nearly unlimited information a few keystrokes away and automated the process of searching. The mere fact that Google is a verb, proves this. Don’t believe me? Well, Google it.

Consequently, we have a generation of workers who are extremely accustomed to this kind of automation. There are countless other examples: iPhones, Netflix, Facebook, Instagram, Amazon.com, and so forth…all of these are highly automated platforms with ubiquitous access to data that can do a lot of the tedious work of storing, searching, and cataloging. They also provide automated ways to alert or remind us of events.

Millennials expect this kind of access and automation in their lives and workplace. Nothing is more frustrating to a Millennial then being forced to use manual, time-consuming processes. They seem archaic and stupid, which causes them to disengage and quit. Millennials trust the cloud more than they trust a piece of paper.

Information security is not immune from this issue. Staring at consoles chasing down every virus alert is stupid to a Millennial (I think it is stupid as well, and I am a GenXer). They expect this kind of work to be automated. Yet, for older executives and directors, this kind of automation is frightening. We hear it all the time in our assessments: “we cannot allow auto-blocking to impede our business.”

Except, that is exactly what is happening. The lack of automation is creating an environment where attack, compromise, and theft are more likely. It is naive to think that humans (or any internal incident response process) can work at the speed of the attackers. The “bad guys” exploit automation in every conceivable way possible. The notion that hackers are all hoodie wearing kids tapping away on keyboards is the stuff of TV shows, not reality. The sophistication of today’s attackers can outclass some of the largest software vendors in the world. And while a living person may monitor the attacks, it is the compromised servers and content distribution networks that do all the work.

Millennials know this, implicitly. Their whole life has been about automating anything they could. And for them, it seems positively archaic to reject automation, when your enemies have completely embraced it. This means if your information security program is going to be effective with the workforce of the future, it must automate. (It must do other things as well, which we will address in future posts and articles.)

The good news is automation is getting easier. The growth of Security Analytics platforms is allowing organizations to unify and automate large portions of their security monitoring. Leading Security Analytics market are companies like Cisco, IBM, BlueCoat, ForcePoint (formerly Raytheon/Websense), Palo Alto Networks, and Fortinet.

Emergent companies, like RSA’s Innovation Sandbox winner Phantom, are also developing ways to automate security operations and analysis across disparate platforms. Cisco’s Martin Roesch specifically addressed automation in his RSA Conference keynote as a crucial initiative for their future plans.

Your workforce is changing and your information security must change along with it. If you want to build the next generation security program, then you need to listen to what the next generation is saying. And they have made a very clear statement: automate or we are out of here.

Filed Under: Guest Posts

About Andrew Plato

In 1995 while working at Microsoft, Andrew Plato executed the first known instance of a SQL Injection attack against an early e-commerce site.  When he demonstrated this attack to the developers, they dismissed the issue as irrelevant. Intrigued, Plato left Microsoft to found Anitian, an information security intelligence firm. Today, Anitian is one of the most trusted names in security intelligence with clients worldwide. Anitian has a mission to Build Great Security. For the past 20 years, Plato and Anitian have consistently executed on this mission with innovative, pragmatic answers to the most vexing security, compliance, and risk challenges. Plato's career encompasses nearly every dimension of information security. He has participated in thousands of security projects, written hundreds of articles, and advised hundreds of C-level executives. Being both a business owner and a security practitioner allows Plato to bring a unique perspective to any discussion regarding security, technology, and governance.  Plato is well-known for delivering entertaining presentations that challenge conventional thinking and deliver practical answers to complex IT security challenges.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Marketing Envy
    Marketing Envy: [New Blog] 2020 saw in-person conferences evaporate, but with vaccines rolling out, 2021 could be different. H… https://t.co/4YONwZNsDa
    about 11 hours ago

  2. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 1 day ago

  3. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.