My Shout Out to Iowa's InfoSec Community

As part of the Technology Association of Iowa Catalyst event earlier this week I had the opportunity to share the benefits I've received from being part of various information security communities during my 'CISO upbringing'. Time did not permit me to give shout outs to all of the contributors to our community in Iowa and I'm certain I'm not aware of them all. However, I wanted to share my appreciation and excerpts of my speech to shine the light on the great work being done across Iowa to advance information/cybersecurity! So read on...

I am frequently asked how I got into the field of cybersecurity.   One thing I discovered quickly is that information security professionals are a passionate group and were very willing to help with my education. I needed to learn a lot about the field and was expected to weigh in on technology decisions, escalate risk issues to executive management, learn about regulators and regulation, some of which seemed irrational at the time, and do a lot of influencing across the organization – including interaction with our Board of Directors.  The learning curve was steep, and the priorities were many – and that was 10 years ago!

The pace of business innovation and technological change we are experiencing now is incredible and for cybersecurity defenders this amounts to increasing complexity and what we call an expanding attack surface – more opportunities for cyber-attacks or disruption.  There is never enough time or money to mitigate 100% of the risks we face and never will be. I’m sure that is true in all your organizations as well. The mission to protect our organizations will be a challenge into the future.

This is where the importance of community comes in. I credit my peer groups in providing me with practical education and ‘short cuts’ along my journey. I believe that the speed at which you can learn is accelerated when you have trusted peers who openly share tips and lessons learned, can provide a sounding board through the ups and downs of a new role or responsibility, a new concept, technology, or process. 

I am optimistic about the information security community in Iowa. It is flourishing through the efforts of passionate information security professionals across our state including those in private industry, government and academia.  Many of those involved volunteer hours of their time to groups like SecDSM – who meet the third Thursday of each month to listen to peer presentations, share demos and host guest speakers (many are available on YouTube). There is an Iowa City version of the same – called SecIC and there are local chapters of national groups such as Infragard, ISSA and ISACA. There are also several conferences, again with dedicated volunteers, such as BSides Iowa or Corn Con, to name two.  The TAI sponsors a CISO Roundtable who meet quarterly with a mission to advance the cybersecurity programs of companies doing business in Iowa as well.   

I wholeheartedly encourage participation by my team members and hope you do as well. These peer groups are an excellent opportunity to support the information security community in Iowa and to continue to grow our pool of cybersecurity talent.

The cybersecurity community is not exclusive to people already working in cyber. I encourage you to join these groups, attend their meet ups, get involved or encourage others in your companies to do so.  This community provides excellent opportunities for peers and leaders to learn more about cybersecurity, share their expertise and to advance the maturity of the information security programs at their companies across Iowa.   As the saying goes, a rising tide lifts all boats. 

I think there is an exceptional and growing cybersecurity community in Iowa – many I didn’t have time to mention—sustaining and supporting this community should be a key objective for Iowa’s technology leadership.