All security strategies start with risk, says Hartman - understanding your own organization's business risks.
"What are the critical assets that need to be protected?" says Hartman, Cisco's chief security officer. "The reason that's so important is that we view, as central to this approach, [the need to] defend yourself from these attackers. The only way you can defend yourself from these attackers is if you know what the attackers are going to get."
In a keynote address at RSA Conference Asia Pacific & Japan, Hartman addressed the topic of "New Approaches for Defending IT in Today's Threat Landscape." As part of that address, Hartman outlined how security leaders must take a threat-centric approach and defend against the entire attack continuum - before, during and after an attack.
In this interview recorded after his keynote address, Hartman discusses:
- How to evaluate and communicate business risks;
- Understanding the attack continuum;
- The challenges posed by information sharing and the Internet of things.
As Vice President and Chief Technology Officer, Bret Hartman is responsible for defining the corporate security technology strategy for Cisco, as implemented by the Security Business Group. He has over 30 years of experience building information security solutions for major enterprises. His expertise includes cloud, virtualization, Service Oriented Architecture (SOA) and Web Services security, policy development and management, and security modeling and analysis. Hartman has spoken at dozens of security and privacy industry events and is a recognized authority on distributed systems security
Prior to Cisco, Hartman was Chief Technology Officer of RSA and an EMC Fellow, where he defined the security technology strategy for EMC.