Facebook security boss challenges security industry to focus on people

In the opening keynote speech at the 2017 Black Hat security conference, Alex Stamos – the security boss at Facebook – made clear that the security industry was in need of an attitude adjustment.

He said that the security industry needs to worry less about technology and focus more on the people. In what was quite a passionate speech, Stamos said that security vendors were too invested in technically complex and visually impressive “stunt” hacks, and not concerned enough about finding ways to keep people and businesses safe. He also suggested that the industry could display more empathy.

“Our community overall – we’re not yet living up to our potential,” Stamos said. “It’s a critical moment,” he said.


In the keynote at one of the biggest gatherings of security professionals in the world, he cited examples of impressive presentations of insulin pumps being hacked. But this, he said, had little relation to the real-life issues facing people every day.

“We have perfected the art of finding problems without fixing real world issues,” he told attendees. “We focus too much on complexity, not harm.”

Indeed, Stamos pointed to three key areas that the security industry needs to change. First, the industry needs to shift the focus from complexity, and move on to the areas that cause the most harm to businesses, i.e. the everyday, ‘unsexy’ threats: phishing, unpatched systems, password reuse and mass compromise, and abuse.

“The things that we see, that we come across every day, that cause people to lose control of their information are not that advanced,” he said. “Adversaries will do the simplest thing they need to do to make an attack work.”


Second, Stamos said the security industry needs to stop its blame culture, which punishes people who fail to implement their security solutions effectively, or those who inadvertently cause security incidents.

He suggested that the security industry should instead focus on building “nets under tightropes” for those businesses facing security challenges, by building better technology.

“Every single day we ask billions of people to walk these tightropes, and if they fall off, we just say that is the situation, and we can’t do anything to help. This is a real problem for us and we have to put ourselves in the shoes of those we are protecting,” Stamos said.

Finally, he said the security industry needed to become more effective at engaging the world: focus on the people, not the technology.


“Things are not getting better, they are getting worse,” Stamos said. “That’s because we do not have enough people and not the right people to make the difference.”

The growing importance and influence of cyber security means that it is impacting people’s lives: “We’ve been asking people to pay attention to us for 20 years – they are now. We have the world’s attention, what are we going to do with it?”



Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...
