Programmatically speaking, we are living through cybersecurity’s adolescence. That is to say, in response to widespread recognition of the dangers posed in a hostile cyberspace, government and industry have embarked on a number of large, well-resourced and highly visible cybersecurity projects and programs. These efforts are generally conducted alongside, and in a parallel manner to the ongoing operations or the acquisitions/development efforts they are intended to protect. Unfortunately, they suffer from the same flaws as many other large, top-down reformation and improvement programs throughout history. This talk will draw parallels between current cybersecurity programs and historical grand attempts to address other endemic, systemic requirements and problems. It will follow up with a discussion of how these large programs will eventually collapse and see their solutions filter into the DNA of the programs they were originally intended to protect. Finally, it will lead the audience on a path toward a supportable hybrid approach that merges top-down and bottom-up implementations.
