One piece of innovative security that Eric Cole, Ph.D., founder of Secure Anchor Consulting and a faculty senior fellow with the SANS Institute, advocates is a new reporting structure in which chief information security officers report to CEOs rather than CIOs.
"If you look at networks today, there are two fundamental components that are needed for that enterprise to succeed: uptime availability and security," Cole said. "The problem is that while those are complementary, they also contradict each other in some cases. Making something secure requires changing or altering the environment, and changing and altering the environment impacts the uptime availability. Because there is an inherent conflict, those two have to be equals so the CEOs and executive team can make the right decision for the organization."
Cole said this decision should only be made by the CEO or COO, as CIOs spend so much of their time focused on uptime that they can't decide between uptime and security without bias.
In this interview, conducted at the 2015 RSA Conference, Cole discussed a few things he passionately advocates for -- including innovative security.
"I love solving complex problems, so one of the things that drew me to security is the fact that there [are] always unique problems that need to be solved," Cole said. "We have an adversary that is relentless; we have an adversary that is persistent. Which means anything we do today to stop them will not work tomorrow. As soon as you lock the front door, they're going to go in the back door."
As for how Cole manages to focus on innovation?
"I recommend dedicating 20, 30 minutes a day just to think and innovate," he advised. "You have to give yourself time. If you're busy nonstop, you're not going to be going in and looking at the future issues. If you can start thinking ahead, that's how you're going to stay one step ahead of the adversaries."