My postings have been thin over the last few weeks as I’ve been busy travelling, researching and writing. The highlight was a visit to Switzerland to give presentations to institutes in Zurich and Geneva, a thoroughly enjoyable experience. It’s been a few years since I last visited Switzerland, so I was interested to experience the latest views and perspectives of the local security professionals.
I was impressed by the Swiss appreciation of the human factor in information security. They have a very good grasp of the nuances of organisation culture and the techniques required to change user awareness and behaviour. And it’s also reflected in university teaching and research.
This might of course be expected in a country that successfully combines contrasting cultures, languages and politics. But it’s not what we generally find in the USA, which has a stronger focus on security technology, often at the expense of the softer skills.
The UK is different again, with more emphasis on policies and processes, perhaps reflecting its claims to fame as the birthplace of ISO standards for quality and security. The ideal would be to combine these skills. But the blend is changing. Once we move into clouds, the balance will favour the softer side of security. Continental Europe is better prepared for that. But, unfortunately, so are our enemies.