For Barry Shteiman, security is all about people sharing information to keep each other secure
As director of security strategy at Imperva, Barry Shteiman’s main concern is to keep data centres secure. Despite – or maybe because of – this, his passion is to make sure information is shared.
What has been your favorite project so far?
A few years ago, I wrote an application called “SuperVeda” for Imperva, which is designed to imitate a vulnerable application for demo and learning purposes for our partners and customers. The reason that I mark it as an all-time favourite is that I spent so many years working on code security, always making sure that the right controls are in place, and all of a sudden, I had to take a step back and try to make the same mistakes that I always preached against.
The security arms race
What tech were you involved with ten years ago?
Two paths. On the career side, I was involved in the early adoption of content filtering systems and network AV solutions. On the personal path I was looking into polymorphic Trojans (the very early stages of current APTs), and DDoS… somehow that space always fascinates me.
What tech do you expect to be using in ten years’ time?
In security, there is no definite answer for it, but if we refer to history in order to guess the future, whatever hackers will do in ten years, we will develop a countermeasure. It’s always been the case, with these three basic steps: 1. Market adopts a new technology, 2. Hackers breach that technology, and 3. Security researchers develop an antidote. Nothing keeps brains on the security space more than the fact that every day there is something new.
Who is your tech hero?
Dennis Ritchie, the guy that invented the C programming language. While people tend to attribute computing success to creators of applications, and shiny new hardware, we tend to forget that people like Mr Ritchie created the foundation that everything we do with computers is based on, and has created generations of engineers that now run the technology world using C as their root.
Who’s your tech villain?
Anyone who keeps knowledge to himself. I am an advocate of collaboration.
What’s your favourite technology ever made? Which do you use most?
I have to say my smartphone. I used to be the guy to buy every cool gadget first; I always had the newest palm device, the newest phone, the latest GPS and usually replaced cameras several times a year. What I never had was enough pockets to carry it all around. With the arrival of smartphones, I am always connected and have everything I need with me. For me that is a life changer.
Apart from your own, which company do you admire most and why?
Steam. It’s not easy to invent a market and to be so successful in it. I admire their agility and creativity; they are very consumer-focused.
What’s the greatest challenge for an IT company/department today?
Insider threats. I definitely think that there is a serious problem for organisations big and small, dealing with the insider threat, understanding data governance, flagging data misuse and employees being breached or going rogue. It is one problem that many security researchers are working on at the moment, and there are multiple approaches to mitigating that risk. However, as long as the biggest security problem is a living and breathing human, companies will have to constantly look for better ways to deal with that risk.
To Cloud or not to Cloud?
To cloud. And by that I mean both private and public clouds. The virtualisation and elasticity of virtual infrastructure has definitely proven itself with the way that companies nowadays are able to create their data centres, test environments, DR and other required elements in a scalable way, either on premise or by moving it to a more public cloud. As evidence, almost every security vendor I know of has some fingerprint in cloud security. This is a trend that you go after only when there is a market adaptation.
What did you want to be when you were a child?