A trip to Asia shows how security professionals around the world fight the same battles.
Right now, I'm in a hotel room. I pull a Perrier out of the minibar, plop down on a soft leather chair and log on with a broadband connection. The room looks exactly like any room anywhere. With the curtains closed, I could be in Boston or Boise. I'm actually in Beijing.
True, it's not all that surprising to find the same modern conveniences everywhere in the world. After all, a Hyatt is still a Hyatt no matter where it's located. But on this trip to Asia to meet several of Information Security's international partners, I've discovered that, like hotels, there's not all that much difference between security professionals--regardless of where in the world they live or work.
Everyone I met (dozens of security managers, vendors and journalists) and everywhere I went (Taiwan, Singapore and China) seemed familiar. We talked about common topics: managing risk more effectively, making management care about security, and what to do about those dumb users.
I had to chuckle. I'd traveled 7,000 miles expecting that in a foreign land they'd face foreign problems; yet I learned that there really is one global infosecurity community.
In Singapore, I co-moderated a panel on compliance. In preparation, the director of Ernst & Young's regional security practice sent along results from some of his organization's recent research. For the first time, compliance trumped viruses and worms as information security's top concern in both Singapore and in the states.
While the regulations confronting businesses may differ slightly from continent to continent, the priorities are the same. During the panel, the CISO at a regional bank discussed his chief objective: building a security compliance framework. Sound familiar? Another panelist, the director of information systems for Asian telecom giant Sintel, lamented the evolving audit standards. "When you are scrutinized with a magnifying glass, no one looks good," he said.
At a conference in Beijing, I was amazed at how much I could understand, even though I speak a grand total of four Chinese words (and three of them enable me to order a beer). Still, as the other presenters spoke, I recognized terms like "Enron," "Sarbanes-Oxley" and "phishing," and I strangely felt at home.
You're probably reading this thinking, "Jon should get out more. Multinational companies abound; it's the era of globalization." You're right. I probably should get out more. Even though I know corporate security concerns are universal, I still found it reassuring to discover that the battles you fight (and we write about) every day truly are universal concerns.
At one point during a conversation with a Taiwanese government official, we talked about user training. "Isn't it pointless?" she asked. I tried my best to offer words of wisdom, tips to get users to take security seriously. Then, I realized that so much of what I was saying seemed like common sense. "But common sense isn't very common these days," she told me. I could swear that an American infosecurity pro recently said the exact same thing to me.
In many instances during my overseas visit, we have relied on translators to help us communicate. But in all the important ways, we are really speaking the same language.