What a pretense! To claim ownership of a cybersecurity vision without having been able to view or experience every angle. Although I'm a little ashamed of it, after 20 years in the cybersecurity business and having seen my share, I have all but pieced together, for myself, the puzzle of my experiences so far into a greater whole. That puzzle, my vision of "cybersecurity," is a work in constant evolution as I continue to develop and learn on a daily basis, but at the same time it forms the framework in which I work and think.
I lived through a whole evolution, from the early days of security (Y2K bug, anyone?), when there was still mostly wonder at all the new functionality the digital world brought. Entire worlds opened up and everything became more colorful, more efficient or more gratifying; people came closer together and digitization was the new trend. Early on there was some abuse here or there, and those systems were not resistant to, or even defensible against, this abuse. Initially, it was enough to patch up the issues after the fact, targeting those specific cases of misuse. Signature-based anti-virus software was enough for most to ward off evil.
We started layering security over our environments because of a continuous stream of wild stories about what script kiddies and computer gurus could bring about with a keyboard and network access: firewalls to shield our networks, intrusion detection or prevention systems to inspect behaviour within network flows, encryption to make everything confidential, ... Despite all these extra layers, we continued to be inundated with a crescendo of abuses and breaches. Slowly, the world learned that digital security is not something you can fix as an afterthought, but that every part - from an initial concept, through a customer-facing application, to an entire business operation with all its components - must be built on a sound, defensible and logical foundation. Each element by itself must be able to handle any potential threat against its purpose or existence that it might face. New protocols were developed, programming languages evolved to address the need, and new operating systems were designed and built to deliver security from the ground up.
It seemed as if we were bound to reach a golden age with all these new insights and more secure methodologies. SIEM technologies correlated security events from different layers of the environment, Security Operations Centers analyzed all suspicious events, and Incident Response Teams were ready to kick the few who had slipped through the cracks back to their IP of origin. Unfortunately, that didn't take into account the free market economy. The script kiddies and gurus had not only co-evolved, but an economic machine had emerged from the digital underworld, a new industry. There is so much profit to be made for so many different parties, each with their own goals, that we slowly start to recognize that we will never be completely finished shutting out or fending off attacks - no matter in which sector we are active. It is no longer only intelligence agencies, governments or banks that possess valuable information: large companies whose systems or data were held hostage, and even end users, have contributed their fair share to the attackers' income.
That brings us to today's cybersecurity landscape: we are automating not only our defense, but also our response, so that security operations can focus on the most threatening anomalies. We have resigned ourselves to the fact that any defense or detection we implement can be bypassed, and we are preparing for the worst. Fortunately, the economic nature of our adversary makes our lives easier in a sense, because their motives are predictable and with that, for the most part, so are their efforts and actions. Companies focus their defense where they are most vulnerable, and these weak spots vary widely with the context of the industry and the specific goals of the company.
This reality has shaped how I approach my work. I believe in security from the bottom up: every element must be defensible, in proportion to the importance we attach to it. However, we shouldn't lose sight of reality. In every situation there are suboptimal elements that hinder our defense and for which no immediate solution exists. Therefore, every situation requires an analysis: with a focus on the objective, we look at everything that can compromise this objective (the threats) and prioritize them. We look for all possibilities to cover these threats and weigh the different options, taking the current situation into account. Everything can be questioned and out-of-the-box thinking is a must; eventually we arrive at a list of options from which a balanced choice can be made, one that best serves the purpose and allows an optimal defense strategy. I apply this methodology to every challenge that comes my way, which allows me to provide consistent and substantiated advice.
© g3rt