Cyber Security Mini-Deep Dive: Cyjax. "The Eight Principles of Security Leadership: An insider’s view of SolarWinds & Supply Chain Failure"
Open exclusively to Oxford staff and students.
The Eight Principles of Security Leadership: An insider’s view of SolarWinds & Supply Chain Failure
In 2017, I failed to save a 5 billion dollar company from getting ravaged by Russian and Chinese Advanced Persistent Threat actors from a series of attacks that may have started in 2019. The repercussions of the SolarWinds “hack”, as it has been characterised, have generated a lot of attention – mainstream media up to and including three US government house committees: Intelligence, Homeland Security & Reform and Oversight. After four years of introspection, I maintain the attack – even though it was conducted by nation-state actors funded with millions of dollars and nearly unlimited resources – could have been thwarted. Although we characterise “security” into three domains of people, process & technology, there is a need to unite these domains into an organization imperative. I discovered that without security leadership in place to unite people, process & technology in common purpose, the three domains become silos. It is within these silos that threat actors exploit organizations and dwell within organizations undetected. In this presentation, I present Eight Principles of Security Leadership and discuss candidly how they could have been applied to prevent catastrophe for an organization like SolarWinds. This presentation will be delivered for an exclusive Oxford University audience under the Chatham House Rule.
Ian Thornton-Trump CD is an ITIL certified IT professional with 25 years of experience in IT security and information technology. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. After a year with the RCMP as a Criminal Intelligence Analyst, Ian worked as a cyber security analyst/consultant for multi-national insurance, banking and regional health care. Today, as Chief Information Security Officer for http://cyjax.com/, Ian has deep experience with the threats facing small, medium and enterprise businesses. His research and experience have made him a sought-after cyber security consultant specializing in cyber threat intelligence programs for small, medium and enterprise organizations. In his spare time, he teaches cyber security and IT business courses for CompTIA as part of their global faculty and is the lead architect for CyberTitan, Canada's efforts to encourage the next generation of cyber professionals.