The Security Industry Association (SIA) recently established the SIA Cybersecurity Advisory Board to prescribe and to advocate for cybersecurity strategies and solutions. This month, we introduce you to the board's Jeff Whitney, Vice President of Marketing, Arecont Vision. Visit our SIA Cybersecurity Resources webpage for more info.
1. Tell us a bit about your business and your background?
I spent much of the first two decades of my career in the IT industry in sales, marketing, and product development roles. I worked at major IT manufacturers Amdahl Corporation, Fujitsu Group, and NetApp, companies that were focused on a mix of networking, storage and server products for the data center.
When I had the opportunity, I leveraged the experience I had accumulated in those multi-billion dollar manufacturers to focus on Silicon Valley startups around San Jose, California—Spinnaker Networks, MaXXan Systems, and Intransa—followed by Astute Networks in San Diego. These companies offered a broad range of new technology based on IP technology for networked storage, encryption and key management, cybersecurity and appliances, and pushing the industry forward along the way.
Security is now witnessing the growth of IP technology the same way it did in IT well over a decade earlier, gradually pushing aside analog platforms by the promise of higher performance and better quality at a lower cost. Thanks to experience learned in IT, the introduction into security has been fairly smooth but admittedly still disruptive to the industry overall. And part of that disruption is the increased vulnerability to cybersecurity threats.
There are always risks that need to be learned, understood and managed with any new technology, and we in the security industry are no exception. I attended my first cybersecurity summit in New York City in 2006 while marketing encryption technology to IT customers and I have never looked back. A little over two years ago, I joined Arecont Vision in Los Angeles, a U.S. manufacturer that remains a leader in IP network-based megapixel technology with many industry firsts, including the first multi-sensor panoramic cameras back in 2006. This proved to be a strong match for my background and experience. I see my participation in the SIA’s Cybersecurity Advisory Board as an opportunity to partially repay the industry for the great career I’ve enjoyed up to this point, and the company supports my involvement in recognition of the importance of this issue.
2. SIA recently released a product cyber-hardening guide for manufacturers. Beyond the recommends found in the guide, what are two or three additional steps manufacturers should take to protect against cyberattacks?
The guide is just that: a guide. Unfortunately, every situation is unique. No checklist or guide can reasonably be expected to address every situation a manufacturer faces, because every company is different in many ways, just as their products, people, and resources are. And none can be in-depth enough to provide detailed guidance.
The SIA guide is an excellent starting point in addressing basic thinking, useful processes and other items that manufacturers do need to consider and apply to their own products as appropriate to their needs and those of their customers. Cybersecurity is going to be an ongoing effort for everyone in the industry, both at home and at work. Thus, it is not a matter of following the guide, implementing it and then saying, “I’m glad that’s done. Now I can get back to business.” It is instead a continuing process, adopting as the threats and the market itself does. The ongoing integration of security and IT departments, and the use of that combined expertise to benefit the manufacturer’s product design and support will continue to evolve.
3. What type of education should be provided by the SIA Cybersecurity Advisory Board to raise the preparedness level of security manufacturers and integrators against cyberattacks?
SIA has a robust curriculum of education that is offered to our members, and the Cybersecurity Advisory Board will play a large part in evolving that portfolio to meet the new cyberthreats that we increasingly face today as the threat itself transforms and grows. While we as a group haven’t yet fully mapped out the courseware that should be developed, there are experienced practitioners on the Board who are eager to make their own knowledge and hands-on experience, a benefit of what we offer, useful in educating security practitioners in member manufacturing companies, assisting integrators and bringing up to speed the senior leadership of those organizations for awareness of the threat.
4. What is the most effective resource for SIA members to access and leverage when developing cybersecurity strategies?
The Cybersecurity Advisory Board hopes that we can fulfill many of the basic needs of our member companies. The reality is that while all of us in the industry are security practitioners at some level, many have more practical experience, training, and skills in this arena. Member companies need to understand the risks and challenges of cybersecurity threats, and to recruit and train people according to develop in house skills and awareness. Security professionals and consultants can help, and organizations like the Board will continue to provide best practices recommendations and education in this area to support them.