eBay Red Team Event - Creating Awareness and Sharing Strategies
Nate: Dave, thanks a lot for taking the time to sit down and discuss eBay Red Team and Breakfast Club event with me today. You're obviously an extremely busy person, so I was wondering, why did you take the time out of your schedule to invest in these events?
Dave: I felt it was important for the good of the industry to pull several forward-thinking CISO's and CSO's together to discuss common issues that are facing us all. Security of the marketplace, and buyer and seller confidence in that security, is paramount to eBay's success and we've done some progressive things to bolster eBay's security posture. The objective of the eBay Red Team and Breakfast Club event was to create a forum where CISO's could discuss their strategies and what is working in their industries, technologies that have been useful, concerns and what is or is not being done to address them, and most importantly to try to create a unified front to combat these issues. One of the ways I'd like to see us address these issues is through continued knowledge sharing events, like eBay Red Team.
Nate: Was anything that you learned or talked about during the course of the eBay Red Team and Breakfast Club events surprising?
Dave: I don't believe anything that came out really surprised me, but I did find some very interesting topics of discussion for further review. Some of the difficulties that the financial service organizations mentioned is still territory that eBay hasn't had to deal with yet, so it was insightful to hear these discussions and consider what that might mean for eBay in the future. In order to facilitate discussions and knowledge sharing, we talked at length about the things that eBay is currently doing. Some interesting topics were sparked from discussions of what we are facing, with one of the most interesting to me being discussions around mobile applications, their role in the current and future marketplace, and the concerns that they cause from a security standpoint.
Nate: I'm sure during these discussions numerous security threats were discussed, what do you see as the biggest threat facing industry today?
Dave: I don't think I would pin it down to any one specific threat. We're seeing all types of threats and I think the most concerning issue is not any one specific threat, but the sophistication level of some of the attacks as well as the rate of change of the landscape we're dealing with. I feel that the biggest threat to industry right now is that, as a whole, the industry is still in a very reactive mode of security. As long as this trend continues, we won't be able to keep up with the attackers.
Nate: Dave, where do you feel the industry must go from here to address the concerns raised during the eBay Red Team event?
Dave: I feel the most important thing is that the industry as a whole establish a more proactive stance. We need to have more social networking events, more freedom and less hesitance to share knowledge around common issues, and we need to mobilize efforts to educate each other and world-wide legislators of these issues. It's important that stronger legislation be created to give us more power to protect ourselves and our customers from cybercrime. The hackers and phishers of the world have always had amazing information sharing capabilities; in fact, it's truly part of the culture. There's really no reason that industry can't have that same level of knowledge sharing. We need to lean on ISSA and other professional organizations to step up and take a stronger stance in the information security space so that we can create a culture of knowledge sharing that will allow us to be proactively prepared for the threats facing us.
Nate: Dave, thanks again for your time.