Seattle-based Riley told the 700 present at Microsoft's Tech Ed conference earlier this month that the systems employed by companies in maintaining security matter more than the actual technology used. It is essential to have the right people.
“Security is about people and process. If I am seeking a security administrator, I would have misgivings about someone who claims to be a reformed attacker. People gravitate towards what they are interested in. I do network security; I am interested in network defence. For someone who has spent a considerable time attacking networks, there is something in their personality,” he says.
Riley says he is not entirely convinced that such people can change and become trusted, though he offered no examples of any ex-hackers causing problems.
“I want someone who is generally concerned about the business, genuinely concerned about the business and has an interest in network defence.”
Riley also calls on firms to move away from reacting to possible security threats towards pro-active protection. Methods he suggests include better password protection and more appropriate use of firewalls.
“Paint a landscape of the threats you are facing and protect, maybe thinking about moving away from reacting to protect the network against unknown threats and raising awareness of issues,” Riley says.