IT Life: Secure your Data, Not Your Network!

Neil Thacker has worked in IT security for fifteen years, with posts at Camelot UK Lotteries, Swiss Re and Deutsche Bank before he became information security and strategy officer for Websense, He is particularly interested in network and data security for the enterprise, public sector and financial sectors.

What has been your favourite project so far?
Deploying data leakage prevention solutions. I have spent years helping people understand why information security is so critical, including educating employees and taking issues to board members.

However, when I switched to a more data-centric strategy, it made everyone understand and introduced accountability to the equation. I made information owners responsible and aware of broken business processes, which gave me the green light to talk to the board on a regular basis. This strategy clearly defined the importance of information security and helped ensure our continued success.

Remember the modem?

What tech were you involved with ten years ago?
Thinkpads, Windows NT and Psion PCMCIA Gold card modems…wow. Ten years ago (to the month) I made the switch from IT support to security full time. In fact, the infamous Blaster worm had just hit. The CIO realised that due to the impact (we lost 50+ machines that day – sniff) we needed someone full-time focusing on security. I developed a robust patch management strategy and starting scanning (SuperScan) our network looking for rogue NT clients…hence the origin of my nickname, NT hacker.

What tech do you expect to be using in ten years’ time?
I hope someone makes an amazing hybrid device in the next few years so I can stop dragging around both a laptop and a tablet. I suspect that wearable tech will also be really popular once we have ironed out the usability issues and fixed dictation once and for all.

With regards to security, I’m a firm believer that companies today should be investing in security solutions that have active components – to prepare for the future.

I expect technology companies will continue to innovate but in potentially the wrong areas. It’s vital to determine behaviour changes and highlight security incidents before they happen, rather than the passive model where the attacker is allowed in and then the alarm is triggered. It’s the smart fridge ideology. Order your milk, eggs and vegetables before you run out, rather than after. I also want one of these please!

Who’s your tech hero?
Elon Musk…brilliant technologist who doesn’t understand the word “impossible.”

Who’s your tech villain?
Not naming any names but the tech companies that spend more money on sales and marketing than innovation. It’s great to sell products, it’s even better to sell GREAT products that make a real difference.

What’s your favourite technology ever made? Which do you use most?
My favourite technology is probably wireless/satellite communications. Without wireless communications the internet wouldn’t matter or be half as influential as it is now. I mean what did people do in airports before wireless?
The technology I use the most now is my Macbook Pro Retina. I use it all day, every day. I’ve been using Macs as my primary machine since they included x86 over PowerPC processors.

Lock up your data

What is your budget outlook going forward? Flat? Growing?
I don’t personally have a budget but I am forecasting all security budgets in the near future will be dedicating money specifically for data security rather than spending all their money on infrastructure security. I’m a firm believer that it’s all about the data and not the piece of tin you use to hold and process the data. Of course it still needs protecting but let’s also protect the data that can make or break your business. There is a reason “information” is in IT and InfoSec.

Apart from your own, which company do you admire most and why?
Tesla and SpaceX – both companies push the boundaries and make things happen that most cannot. I truly believe it is because of Elon’s vision that everyone trusts they can change the world … and they are. They take on huge risks and win more than they lose – I think that is something to be admired.

What’s the greatest challenge for an IT company/department today?
Complexity. Over the years we have applied new technology to help keep up with the business without ripping out the old or thinking of new ways to build our networks.

I still visit organisations today who have dual layer firewalls with an IDS in the middle. They think that is best security – it isn’t. Organisations need to adopt a ‘layered’ security approach, which oversees an organisation’s infrastructure. This approach ensures that advanced threats, targeted attacks and evolving malware threats are unable to gain access to the network, ensuring confidential and valuable information is safe from harm inside and outside the company. I also believe we need to think differently about comprehensive security defense strategies yet most don’t know where to start. I’m always happy to share new ideas and help with these challenges.

To Cloud or not to Cloud?
Combo/hybrid – utilise the cloud for all the non-sensitive data, however teams working on generating IP and business critical data should have their box in the company’s data centre. The biggest concern with cloud is how technology teams apply technology to track where their data resides and in which jurisdiction. Once they have this under control, cloud isn’t as scary as most make out.

What did you want to be when you were a child?
I wanted to be in the RAF and fly fast jets. That was my dream until I was 16 when I realised I met all the requirements apart from one – I was too tall (I’m 6” 5). I was an adrenaline junkie so civil aviation didn’t quite have the same appeal. Information security; however, does give me that buzz.

Is your fridge smart? Try our Internet of  Things quiz!