This is a strange topic as the idea of collaboration in the security industry is basically that direct competitors come together and openly share how they do things, how they secure their systems, what works and what doesn't. A couple of months ago now I was invited to join such a group and go along to one of their information sharing meetings.
If you would listen to all of the negative talks about this it would mean that I would be entering the lion's den so to speak, walking into the territory of my direct competition and to make it worse again I would not be just sitting down with that one competitor but in fact a room full of around 8-10 different competitors. In this situation, you could be forgiven for imagining a lynching party waiting to grab you when you entered the board room or maybe a wild west saloon in which all the cowboys in the bar with itchy trigger fingers, ready to let gun a blazing at any sudden movement.
It is true that you could consider all these situations to have a similarly fine line of stability, obviously, a meeting full of competitors is not quite that dramatic but its success does still balance on a knife-edge. A wrong step could set the fragile state to collapse and no open honest sharing will take place. Andrew the guy that has organised the group and brought us all together has done so out true belief in collaboration and it is a noble cause that all of us attending the event believe in (at least enough to get us to the meeting anyway). So, the day came about and I heading to the location in Brisbane. I was a little early but took the elevator and made my way to the reception area I could see on my right.
No one was at the reception desk as it was after hours and most people had already left the office. I looked over to the reception seating area and I could see two other people sitting down casually chatting, so I walked over and asked if they were here for the same meeting. They both gave me a once over and one of them indicated that they were. I took a seat while we waited for the organiser to come out and take us through to the lion’s den to our allocated meeting room. To be honest the whole experience was thus far very easy going with no sign of awkwardness or discord from any of the attendees. A glimmer of hope that this could actually work.
The meeting started with some general discussion points be indicated on the projection from our host but after a beer or two, many of the attendees relaxed and information was flowing between all, with no hint of anyone holding back. Obviously, we weren’t discussing any company secrets or anything that would be detrimental for direct competitors to share but what systems we have tried, what we are using, what is working well for us and what we think could be better.
We openly discussed a lot of information about how we do training for security to help generate better awareness, what sort of buy-in we are getting from senior management and staff. It was really good. The process was actually working as wanted, I am a huge advocate for collaboration and working together to solve our security problems (I am sure this works for other issues as well but my focus is just fixing security for now) but I have always received push back from peers when this was discussed or mentioned so to see it being done successfully was a truly great feeling.
After a night of pizza, beer and some really great sharing of experiences I think everyone in the room left with some insight they didn’t enter with which was the whole idea. We all went our separate ways and we are due to have another gathering again soon and I would have to say that In its current format the group will continue to be a success.
The problem is, could this type of collaboration be expanded to be a collaboration with a whole industry or let’s say Brisbane as a whole for the security industry? To be honest I think it will be a challenge but if this group has shown me one thing is that it is possible if we believe that it is. Let’s drop our walls and try to find ways we can work together more and really collaborate.
If we can really do this, it will be a benefit for us all. We may in time be able to claw back control of this cyber war that is being waged. We have APT's, cyber-criminal gangs, financial or ego-driven malicious actors acting alone or in small teams. They are all collaborating better than we are, but we can't seem to just get over our ego's and come together for the overall benefit to society and in turn our customers. They are why we are still in business Afterall, so shouldn't we do everything we can to protect them?
So, lets put the differences aside and find a way to make this work for us all or the alternative is let it all crash and burn as alone we can’t win this fight. Think about it you know I am right.