Cross Industry CollaborationHelen Patton

Chief Information Security OfficerThe Ohio State University

2

• What’s Happening in Higher Ed Security?

• Research Data of Interest

• What It Means for Security Teams

Today We Will Discuss:“If you really want to do something, you’ll find a

way. If you don’t, you’ll find an excuse”

- Jim Rohn, American Entrepreneur

3

Agenda• What is Cross Industry Collaboration?

• What do they have in common?

• What problems are not yet being addressed?

4

What is Cross-Industry Collaboration?• ISACs: Information Sharing Analysis Centers

• Physical and Cyber threats, vulnerabilities and events

• Two-way sharing between private and public sector

• Organized by Industry

• REACTIVE

5

What is Cross-Industry Collaboration?• Cyber Vendor Collaboration

• e.g. Coordinated Malware Eradication Program (CME) – Operation SMN

• Goal: “ To remediate the adverse impact of professional cyber espionage groups”

• Novetta, Cisco, FireEye, Tenable, Microsoft, Symantec, etc. – Private Sector Only

• Technology Driven – Focus on Malware

• PROACTIVE

6

What is Cross-Industry Collaboration?• Federal/Military and Industry

• e.g. NIST Cyber Center of Excellence

• e.g. DHS Cyber Information Sharing and Collaboration Platform (CISCP)

• Often includes Academic research

• Mostly REACTIVE, some PROACTIVE

7

What is Cross-Industry Collaboration?• Columbus Collaboratory

• Cyber Security and Data Analytics

8

What Do They Have In Common?• Technology Driven

• Threat Focused

• Some Research Backing

• Not solving biggest problems (yet)

9

Other Issues For ConsiderationTalent

Development, Recruitment

and Retention

Security Assessment

Results

Board Cyber Expertise and

Buy InBuilding Trust (in Contracts)

10

Talent Acquisition and RetentionAvailable Now:

• ISSA and others

• Diversity Groups and Job Sites

• Internship programs with Colleges and Universities

Scarce/Non-Existent:

• Encourage HR groups to collaborate on Cyber issues

• Are you willing to sponsor sessions to help HR professionals learn??

11

Board Cyber Experience and Buy InAvailable Now

• Opportunities to serve on Boards – Volunteer today!

• Individual company Board training events – are you engaged?

Scarce/Non-Existent

• Partnering with Board Recruitment Firms to help them tap into Cyber community to find and train Board Candidates

12

Security Assessment ResultsAvailable Now

• Vendors offering cloud assessments based on external/public data reporting

• Large Company SSAE16/other audit reports

• $$

Scarce/Non-Existent

• Sharing assessment results with your supply train or industry partners, so assessments don’t have to be duplicated

13

Contract TrustAvailable Now

• ISAC data sharing

Scarce/Non-Existent

• Training of legal community and business to allow information sharing between business partners without implying liability

14

• What’s Happening in Higher Ed Security?

• Research Data of Interest

• What It Means for Security Teams

Today We Will Discuss:

Thank You!

Patton.91@osu.edu@OSUCISOHelen