Wing Private Dinner at Black Hat 2019
The 17 CISOs came from 14 public companies (7 tech, 7 non-tech), 2 private companies ($1B+ valuations), and 1 major university.
The discussion took on a life of its own very quickly, coming one week after the Capital One breach. Topics included:
- How are we doing as an industry on preparedness?
- What exactly was the nature of the Capital One breach?
- Are consumers so numbed to breaches that they do not have a material, long-term impact?
- Should cloud providers be more liable or responsible for security vulnerabilities?
- What privacy regulations will be enacted in the US next, and will they be state-by-state?
- What are the practical lessons on cloud migration paths and governance?
Interestingly, we anonymously asked the group:
From 1 to 5, with 1 being unprepared and 5 being prepared, how prepared is your company to respond to a Capital One-like breach?
The blinded, aggregated results are below. There was only one respondent with 5, and the median and average responses were both 3.
In addition, the CISOs had an interesting discussion on “more hardening” vs. “zero trust”, which is relevant to our investment thesis in cloud-native, identity perimeter-based security.
Security is a dynamic, high-growth, and crowded sector, and despite the significant awareness and increased efforts over the past few years, it is clear that all of us recognize there is much more work to be done.