• Derek Harp

The Chairman's Minute: What is Your Security Culture?

Updated: Sep 2



By Derek Harp

August 2019




Security Culture is something I am giving a lot of thought to these days.  After two decades of contributing to more technical efforts to increase cybersecurity, it is clear that we are still so incredibly vulnerable to our individual behaviors. 

From the kings to the cooks in our castles we still give so much away freely.  One might argue that if we don’t fix that it doesn’t matter what we spend on cybersecurity technology. 

Our Security Culture collectively does not get a good score and we are beholden to our common denominator, team members. A new norm where people routinely don’t trust other connections, messages, connectivity and make isolated exceptions vs continually accepting everything everywhere at face value is the shift we all need to make.  

It’s a paradigm shift that calls for us as human beings to change fundamentally how we relate with connected technology.   The origin of this infrastructure springs from research projects connecting trusted technology, but that is not where we find ourselves today at all. 

I won’t claim to have all the answers but, rather, ask the question “What can we {all of us} and CS2AI, as an organization, do to increase “buy-in” regarding the necessity to raise all of our cyber behaviors to a new level?"