The present and future of IT security

London, the security capital of the world?

Heiser has long experience working in the IT and security sectors, with an MBA in international management as well as stints at the Pentagon and a series of consultancies. Now based in London, he felt that there was a very active infosec community there, and that the city could now rightly be crowned the security centre of Europe.

Now working with Gartner, Heiser said that he was dealing more with people and culture issues, changing the way people do things, rather than learning new technology. He claimed that in the past IT security had overemphasised the technology, but he was keen to make clear that it wasn't an 'either/or' situation.

"Defence in depth means that there needs to be human as well as technical mechanisms," he argued. "In the past when we've talked about defence in depth we've had narrow depth. You have two locks in front of your door: that's not defence in depth."

"We're now fully appreciating what technology can do and truly better appreciating what people can do, reaching the optimal combination."

Heiser said that the people who ran businesses needed to appreciate risks so they could make good decisions, and that those people shouldn't be technology people. He claimed putting technology people in charge would usually lead to overspending, and also meant companies could miss some big risks.

Living and working in the UK, Heiser was very positive about this country when it came to attitudes about IT security, claiming that we led the world when it came to approaching it in a process-orientated way, with the Americans belatedly following behind.

He said: "Generally speaking, the UK has not been a leader in technology in the [security] area, although there have been a few areas where they have been. However, in terms of process the UK has taken a global leadership and I think it's something the local community should be proud of."