Symantec Public Sector Vice President & General Manager Gigi Schumm discussed federal government cybersecurity with FedScoopTV during FedScoop’s 2nd Annual Cybersecurity Summit. Schumm touches on what she calls “security as an enabler” with respect to cloud computing and mobile, reputation-based security as “the next big thing,” key skills and putting people first.
Given cybersecurity’s life-long journey and often challenged by the crisis of the hour, why are you so passionate about risk management and security?
“It’s a particularly exciting time for security and risk management, because there are some changes in the way that we are interacting with our systems and our information and our environment that security be a true enabler … in allowing us to use [cloud computing and mobile applications] safely in our organizations.”
Where are you seeing revolutionary innovation in risk management?
“The really next big thing around security is reputation-based security … understanding when there is some code and executable that is going to come in and execute on your machine, what is the reputation of that piece of software? Where did it come from? How many other instances of it are there out there on the network? Is it from a reliable source or not? So there’s a lot of things you can begin to identify about a piece of code that’s going to run on your machine before it ever gets there so you can determine its reputation and whether or not you want to allow that in your system. That will really help with some of the most challenging security problems that customers are facing: zero-day attacks and advanced persistent threats.”
What skill sets outside of traditional cybersecurity domain have you required your key talent to apply?
“It’s important … that they’re really a student of IT, because security is a very important piece of the overall IT infrastructure. The IT infrastructure is a piece of the overall mission of the organization and all of those things are really connected. They really need to understand security first and foremost, the objectives of the IT organization and then greater objectives of the mission of the whole organization.”
If you only had $1 to invest in cybersecurity where would you put it and why?
“In terms of prioritizing … people are the most important thing. You can have the greatest technology in the world, you can have the greatest processes in place, but if you don’t have people that understand the policies and the process and understand the technology that are educated and skilled then you’ll never be a success.”