This year’s (ISC)² Secure Summit EMEA will take place in The Hague in April. In order to find out what elements set this event apart from other cybersecurity events, we sat down with Mary-Jo de Leeuw, Director of Cybersecurity Advocacy, EMEA at (ISC)².
How has the fast-paced threat landscape influenced the program of this year’s (ISC)² Secure Summit EMEA event?
The rapid pace of change has been fundamental in forming the agenda for this year’s summit. We’ve brought together speakers from a wide range of cybersecurity backgrounds, as well as broader IT security experts and wider business and inspirational speakers to create a programme that is thought-provoking, highly educational and directly addresses the issues keeping cybersecurity professionals under pressure. Whether your challenge is data privacy, cloud security, dealing with experiments in blockchain, incident response, data forensics, encryption, vulnerability management or building a better defensive strategy, the agenda has a lot of topical content and experts to interact with.
For example, we have sessions looking at the impact the General Data Protection Regulation (GDPR) has had on cybersecurity and data privacy approaches since the regulation came into effect in May 2018. We’ve also paired that with a live simulation workshop. That will take the form of a three-hour, highly interactive workshop that will help attendees experience and tackle data breach reporting in relation to GDPR. The scenario will keep evolving and they will be set a number of tasks.
This is just one of several examples of how we have made this year’s summit agenda interactive, highly topical and focused on delivering skills and takeaway knowledge that attendees can immediately put to use in their own organisations.
What would you single out as the most important topics for this year’s event? What keeps cybersecurity leaders awake at night?
Data privacy and complying with legislation such as the GDPR is definitely at the forefront of most cybersecurity professional’s minds right now. No organisation wants to be among the first to fall foul of this legislation, let alone be among the first wave to find out how aggressive regulators will be in imposing fines and other sanctions.
Beyond this there are a variety of critical issues right now. These include securing the cloud and securing hybrid IT environments to ensure the umbilical between on-premise and the cloud – as well as the cloud itself – does not become a weak link in the network that exposes everything.
Encryption, data masking and in-flight data protection is also at the forefront of cybersecurity consideration, as is the more traditional elements of malware, ransomware in particular and phishing. All three of these malicious code elements are on the rise again, so having the right tools, knowledge and strategy to hand is absolutely paramount.
What can attendees expect at this event? What makes it unique?
There are a variety of elements that set the (ISC)² Secure Summit EMEA apart from other cybersecurity events. We combine the close-knit community aspects of a member conference with the scale and depth of a larger industry event. Our membership plays a significant role in both the development of the summit programme, as well as its delivery. Our programme is not just a one-way stream of presentations. Interactivity is at the heart of the programme, with multiple sessions dedicated to hands-on practice and scenario simulations in an environment where mistakes can be made, analysed and learned from without risking real-world data, users and organisations. We also have competitive interactive elements such as our Capture the Flag tournament.
There are also the many opportunities for peer networking at the event, from our town hall session with the (ISC)² leadership team to (ISC)² chapter meetings and the Information Security Leadership Awards (ISLA) EMEA lunch, where we honour outstanding contributors to the EMEA cybersecurity ecosystem from within our membership as well as from the wider community.
Most information security events take place in large cities. Why did you choose The Hague as the location for (ISC)² Secure Summit EMEA?
The Hague is a large city, as well as being the European epicentre for many aspects of cybersecurity, the law and digital information. It is home to Europol, the International Criminal Court, NATO Communications and Information Agency, the EU digital platform for cultural heritage, The Hague Security Delta (the biggest security cluster in Europe) and the Cyber Security Academy to name just a few. It is the ideal location for our first EMEA Secure Summit event.
Enterprises around the world are having a hard time finding cybersecurity professionals. How problematic is the information security skills gap in EMEA? How can (ISC)² help?
There is no question that there is a profound cybersecurity skills gap, not just in EMEA but globally. The 2018 (ISC)² Cybersecurity Workforce Study revealed a global skills gap of 2.93 million globally, of which 142,000 are in EMEA alone. A big contributing factor to this has been the many growing economies across the region, coupled with a range of new cybersecurity and data privacy laws being enacted such as the GDPR.
It’s having a real-world impact on companies and on the very people who are responsible for ensuring cybersecurity best practice and defence within them. According to the research, two thirds (63%) of the people who participated reported that their organisations have a shortage of IT staff dedicated to cybersecurity. Only a quarter of companies (28%) claim to have adequate cybersecurity staffing today. That’s a worrying state of affairs given the level of threat that organisations across a variety of vertical sectors face. Not to mention the general need to educate staff, contractors, customers and suppliers to adhere to cybersecurity processes to ensure their own digital safety as well as that of the organisation.
There are a variety of things that can be done to address this. At (ISC)² we are undertaking a variety of initiatives. First and foremost, our certifications, their associated training programmes and exams, serve as an assurance of competence and qualification for professionals looking to hold critical roles within the IT and security framework of an organisation. From there, we run webinars throughout the year that help our members build their knowledge, stay up-to-date with the latest trends and issues, as well as being an archive of knowledge that can be replayed on-demand.
Events such as the EMEA Secure Summit and our chapters provide opportunities for delegates to hear from some of the most prominent and thought-provoking minds in our industry. This is as well as hearing from and sharing ideas with their peers across formal sessions and informal gatherings.
Most recently, we announced the launch of our Professional Development Institute (PDI). Provided as a free portfolio of course offerings to (ISC)² members and associates, PDI will help enhance their skills and abilities by providing access to rich continuing professional education (CPE) opportunities that augment the knowledge they’ve gained throughout their careers and in the pursuit of their certification.
We want to establish and develop the on-going education resources necessary to advance our members, support their CPE needs and bolster the cybersecurity profession as a whole in the face of complex and challenging cybersecurity threats and issues.