The (ISC)2 Security Congress, which ran in parallel with the ASIS International Seminar and Exhibits, showed some interesting trends in the security space.
The combined event highlighted the lack of cross-functional awareness between cyber security and physical security practitioners. We talked to many attendees from the physical security world who are rapidly becoming more involved with computer security too. In some cases they have been given that responsibility, in others they are realizing that physical security always has online components, whether it be threats, attacker planning, recruitment, or defender investigations.
Within just the (ISC)2 talks and exhibitors, there was a notable absence of conventional detection and perimeter-focused security. The momentum is towards system resilience, endpoint protection, improving application security, and architecting more robust infrastructure. Security practitioners are no longer under the delusion that they can create and defend a wall around their networks. Browser, cloud storage and other technologies have blasted gaping holes in the firewalls, while BYOD policies have dissolved the idea of perimeters entirely. It is exciting and gratifying to see the cyber security industry moving away from the older ineffective security approaches and towards the kinds of security models Ntrepid has advocated for years.