When the existing ways of doing things aren’t yielding the desired results, find a better way. With current cyber defenses continuing to be outpaced by threats, cybersecurity professionals are seeking out new paradigms that will help them better fulfill their mandate.
According to Adam Meyer, chief security strategist at SurfWatch Labs, business and organizations are becoming frustrated that greater investment in cybersecurity isn’t paying off in the form of decreased vulnerability. “We’re spending millions and millions more dollars every year on cybersecurity, he says. “Why isn’t it getting better? Why aren’t outcomes changing?”
One reason is the sheer volume of threats. Not only are adversaries proliferating, but they have an ever-increasing array of tools with which to launch attacks. Cybersecurity professionals can often feel they are fighting a losing battle – while C-Suite executives and board members wonder where the money spent on cybersecurity is going.
New, better-targeted approaches are clearly needed. One such approach, Meyer says, is threat intelligence, which endeavors to provide organizations with the information they need to conduct a more focused cybersecurity effort, pinpointing the likeliest threats and the ones most damaging to an organization’s interests.
“It’s exploded over the past year,” says Meyer, a 2009 graduate of Capitol’s master’s program in cybersecurity. “A lot of people are looking at threat intelligence because the continuing breaches show they’re obviously placing budget in the wrong areas. They want to learn how to apply the right resources to the right areas.”
SurfWatch has been pioneering this domain. Its Threat Intelligence Suite provides executives and decision-makers with at-a-glance visibility of cyber threats affecting their business interests, and includes risk monitoring tools designed to pinpoint specific risks to a company's supply chain.
Other tools are tailored to security and risk officers, IT professionals and analysts, enabling them to direct resources to the most pressing areas of vulnerability.
Meyer joined the firm in November 2014. Prior to that, he was Chief Information Security Officer (CISO) for the Washington Metropolitan Area Transit Authority and Director of Information Assurance and Command IA Program Manager at the Naval Air Warfare Center, Naval Air Systems Command. He teaches cybersecurity at the University of Maryland, University College and other institutions. Publications such as Infosecurity Magazine, Business News Daily and the Wall Street Journal regularly seek out his subject matter expertise.
He is a strong advocate of the practical, real-world approach to cybersecurity education that he encountered as a student at Capitol. Although many schools do a good job of teaching theory and concepts, the ever-changing nature of the cybersecurity challenge makes hands-on experience a must.
In his role as a hiring manager, Meyer says, he seeks out candidates who have the practitioner’s perspective. “I have a job to do and I’m hiring smart people to get that mission done,” he says.
It’s not a mission for the faint-hearted. Cybercrime is a big business now, with more and more people getting into the game. Companies have accumulated tremendous amounts of digital data but rarely have enough protections in place to secure it. That data – whether it’s credit card numbers, medical records or the specs for upcoming products – can be commodified and monetized, often with surprising ease. And when one avenue for theft gets sealed off, malicious actors quickly find another.
It’s challenging work, but Meyer – a Navy veteran who served as a gunner’s mate – has never been one to shy away from challenges. On the contrary, he welcomes the opportunity to further expand his skills and expertise.
“One thing I can say with absolute certainty is that every single day I have to learn about and educate my customers about a brand new threat,” Meyer says. “That makes you very knowledgeable, because you’re looking at a lot of different areas, and it also keeps you pretty tight on your problem solving skills.”
“You have a lot of unique things happening and you have to come up with a lot of unique answers,” he says.