In the security industry we talk about people, processes and technology. However, our efforts are heavily focused on technology, whether that’s building more complex firewalls or creating more advanced antivirus software. Recently the industry focus has shifted to processes, but it seems we continue to overlook the “people” part – limiting our efforts to security awareness training.
There’s an old joke in the community that there is no patch for the user – technology can be fixed, but human mistakes cannot be overcome. But I believe that peoples’ actions aren’t a problem that can be easily dismissed with a joke. They motivate me to be creative and think differently.
Starting from early childhood, I’ve always enjoyed building and breaking things – not always in that order. I have a natural curiosity to learn how things work and why – always looking for ways to make them better. Because of this, I knew my career was going to have a technology or engineering component to it. As I finished high school, I realized I didn’t have the specific knowledge I would need to go into a tech career straight away, so I decided to go to university to get a fundamental understanding of how things work. And by things, I mean everything, from the sub-atomic inner workings of a transistor to how the largest supercomputers in the world are wired. As a result, I found an interest in security. The ability to make things fail in ways that hadn’t been planned – and how this could be exploited by hackers – absolutely fascinated me.
Upon graduating from university, I decided to reject a funded PhD to work for the UK government. I figured that I could always return to academia, but learning the secrets behind the national security curtain would shape my entire career. As they are charged with securing the nation, I estimated the government would have the best understanding of what security is all about. They did. During my time in government, I not only acquired in-depth technical knowledge, but I learned the importance of speaking with people. And that’s where I began taking the more human approach. When a new technology emerged, I would take it back to a fundamental level by asking why is it important and why does it matter. By continually asking why, I stripped away layers of fluff to find the core security principles, and then build it back up. This “why” approach is a framework I still use today. This approach gives me the ability to talk on a deep technical level to engineers, and also at a higher level to business people who don’t need to know every minute detail.
A Live Panel Discussion During Black Hat USA 2017
Want to learn more about the human element of cybersecurity? Join us live what should prove to be a very engaging conversation.
Today, I work to educate users about security – the risks they face, what they need to do to protect themselves, and the technology that can help them. When I’m not actually speaking with people, I spend hours thinking about how engaging with people can make security better, and how security can make people’s lives better. The current focus on user experience in consumer technology is enhancing peoples’ lives. The Internet of Things (IoT), for example, helps create an environment where devices can aid a person’s quality of life. It should be no different when it comes to cybersecurity. I want to help simplify peoples’ lives. Often small things can be done that can impact and affect user behavior so they can make smarter choices, and it makes security better for everyone. This is always in the back of my mind as I continue to build and break things.
About Joseph Pindar
Joe Pindar is the Director of Product Strategy in Gemalto’s data protection CTO office. A fifteen-year veteran of the Information Security industry, Joe has always focused on securing systems and catching bad guys.