Black Hat 2019: Cultivating a Culture of Security in your Organization

As the Product Manager for Remote Support at BeyondTrust, it is important to keep up with security trends that affect the service desk. This was my first time attending Black Hat, and I was excited to catch Dino Dai Zovi’s keynote and sit in on breakout sessions. Coming from a very hot summer in Mississippi, I was looking forward to visiting Las Vegas with its less humidity – although it still hot still just different kind than I am used to!

It’s great for product managers to attend conferences where BeyondTrust has a booth. We’re able to talk to existing customers and potential new customers and hear different perspectives than we normally encounter in our day-to-day activities. These face-to-face conversations are also a constructive opportunity for us to receive input on potential feature candidates and our product roadmap.

The BeyondTrust booth was a popular draw at the event. A common theme amongst booth visitors was the desire to protect insider and 3^rd party access within their environment. Some organizations have a pretty good handle on who is coming in and out of their environment, whereas for others, it may still be the Wild West. Another hot topic was knowing and controlling what someone can do once they do gain access. Do they know admin credentials? Are they able to perform elevated tasks broadly? Are they able to access other systems once they have made initial access?

Black Hat founder Jeff Moss kicked this year’s event off by sharing his perspective that we have moved beyond the “it’s our time” topics of previous Black Hat events. High-profile security breaches are driving home the importance of a strong cybersecurity posture and a forward-thinking vision for IT risk management. With GDPR going into effect last year and a few large organizations already incurring hefty fines, the importance of protecting personal information is front-of-mind for many organizations. The sentiment now seems to be that security teams have gained the attention of decision-makers in both the public and private sectors.

However, as Dino Dai Zovi of Square stressed in the keynote, an organization’s culture of security should not be overlooked as a critical factor in how security is implemented, practiced, and upheld. He provided an example of the strong security culture at Square where security engineers are working directly with software teams providing real-time feedback loops. In the past, security teams may have been seen as outsiders, or inhibitors to productivity. Now, security teams are vital in the underlying design and architecture. While Dai Zovi’s example was for a software company, this can certainly apply to many other types of organizations as well. DevSecOps is one such movement now underway at many organizations that is trying to make this vision happen.

Having a good working relationship with your security team is vital to the success of your team and organization. Modern security tools are striving to balance security and productivity. Many BeyondTrust products can increase your overall security while also making you more efficient. This could be discovering credentials with Password Safe and mapping those to assets in your environment, enabling least privilege with Endpoint Privilege Management so your users can stay secure and productive, and securely providing privileged credentials via credential injection to your helpdesk in Remote Support.

How would you rate your relationship with the security team at your organization? Have you ever reached out to them with questions? I urge you to strike up a conversation. Ask them a question. Start thinking about security first and ensure you are doing your part to make your company more secure.