Solving Big Risk Problems One Small Step at a Time

Originally appearing on GovInfoSecurity:

The Global Cyber Alliance is taking on small projects to come up with solutions to big cyber risk problems.

“It’s essentially using a startup approach to a much bigger problem,” says the alliance’s chief executive, Phil Reitinger, who’ll deliver a keynote address at the New York Fraud and Breach Prevention Summit on Aug. 2. “You pick part of the problem and you design a solution and you see if it works. And, if it doesn’t, you want to fail fast and then try something else. You don’t want to get caught up in all of the administrative overhead and workaround, trying to have an omnibus strategy that will be out of date before it’s ever implanted.”

In an interview with Information Security Media Group, Reitinger:

  • Discusses one of the alliance’s first projects: mitigating phishing scams that use spoofed emails;
  • Outlines cyber risk projects the alliance will likely tackle in the coming months; and
  • Characterizes the current IT security environment as “the Bronze Age” and explains how the IT security community should take steps to be more scientific in its approach to cyber risks.

From Witch Doctors to Scientists

“We have a long way to go toward where we have cybersecurity practitioners who are scientists as opposed to artists or witch doctors,” he says.

The Center for Internet Security, a not-for-profit organization that oversees the Multistate Information Sharing and Analysis Center; the Manhattan, N.Y., district attorney’s office and London police teamed up to form the Global Cyber Alliance to identify measurable ways to mitigate cyberthreats (see New Global Alliance Seeks Measurable InfoSec Solutions). In an earlier interview, Reitinger makes one thing clear: The alliance is not a coalition of the willing; it’s a coalition of the angry (see Global Cyber Alliance: A Coalition of the Angry).

Before being tapped as the alliance’s president and CEO last year, Reitinger served as deputy undersecretary for cybersecurity at the Department of Homeland Security, CISO at the entertainment conglomerate Sony and chief trustworthy infrastructure strategist at Microsoft.