HIMSS21 Keynote Presentation stage with speakers
Sep 17 2021

Kevin’s Key Takeaways – Cybersecurity Keynote from HIMSS21

Cybersecurity Keynote Panel: Get the basics right; boring works.

New tech is cool. AI is amazing. As a culture steeped in abundance, we expect everything we imagine to be delivered into our hands within minutes of finding and then ordering it. But when it comes to data risk management, there is no imaginary one-stop-shop tech tool to defend your business. If there was, we would just do that instead of all the following boring things:

Tabletop testing = Boring
Asset management = Boring
IR/DR/BC policies = Snooze
Training employees = Snooze
Network testing = Z…z…z…
Culture of security = What does this even mean?

To defend against a ransomware attack, every item in the above list matters.

In the HIMSS Keynote panel, Admiral Mike Rogers, Retired Director of the National Security Agency (NSA) and Commander U.S. Cyber Command, implored the audience to “Get the basics right. Culture is the hardest part of security.” He went on to say, “Take a risk-based approach” but we’ll unpack that another day.

Other speakers echoed a similar message:

  • “Survivability is key,” shared Keren Alazari, Cybersecurity researcher, author and analyst, during the keynote. “There is no such thing as perfection.”
  • “Survive and build back better. Don’t blame,” stated Alex Stamos, founder of Krebs Stamos Group and former CSO for Facebook and Yahoo.

These aren’t the cybersecurity soundbites we’ve all come to imagine are true from watching Hackers, Blackhat or Swordfish; these are, however, the thoughts of top professionals in our field.

To bring this idea to light, I offer the following question and answer:

How does a CEO feel better about his/her team’s response to ransomware?
Answer: They do all the boring things, and then they rehearse the inevitable, over, and over, and over again.


Please notice, nothing here speaks of the latest greatest firewall, MFA, AI, or darkweb research. It’s all boring, it’s all necessary, and it’s what you should focus on to best prepare for and respond to your next attack.

Let’s discuss.