Enterprise Services Blog

Demonstrating the value of security: an interview with HP’s Jim Tiller

Jim Tiller, Director of Security Consulting, joined HP Enterprise Security Services two years ago. In this short extract of an in-depth interview, he tells us why he came to HP and some of the guiding principles of effective enterprise security. To read the entire interview, check out the latest issue of HP INFORM, an HP Enterprise Security Services eBook.

 

Q: What brought you to HP?

Tiller: A key feature that stood out was HP’s commitment to information security. HP has committed a great deal of resources, energy, focus, and investment in security products and people to be the leader in this space. I’m passionate about security, it’s in my DNA, and so this resonated deeply. More importantly, HP takes action on that strategy and is committed to that goal.

 

Q: What do you bring to this organization that’s unique, and valuable to our customers?

Tiller: I’m surrounded by great people here that bring their own unique capabilities and experience. Like many, I have a passion for security; I thrive on doing things better and making security more compelling and effective. As a professional, I demand excellence, a solution-oriented mindset, and enthusiasm for quality and value.

 

Q: What are the biggest challenges to “business” you’ve seen in your career as a security professional?

Tiller: Adaptability of security and demonstrating the value of security to the business. Threats are constantly changing and evolving, and I’m not just talking about hackers. Compliance demands are constantly putting pressure on organizations and gaps can be a direct threat to the business.

 

Disruptive technologies that drive business opportunity, such as Cloud computing and consumerization, can strain established processes and potentially introduce undesirable security conditions if they’re not approached in compelling ways.

 

I find that many organizations are good at security and have established a solid foundation, but threat dynamics require agility and, importantly, businesses are demanding it. One of the long-standing challenges is demonstrating the value of security. Companies typically seek returns and this can be difficult to accomplish for security investments, but not impossible.

 

Security departments are constantly working to not only protect their company, but also do so in a manner that resonates with the business. Doing both effectively is a challenge.

 

Q: What do you think is the single most important piece of technology organizations should have operational right now?

Tiller: Encryption. Protecting data is core to information security and encryption is at the heart of that objective. But, as you know, security is many layers, so I have to add in a couple of others. Identity and Access Management are also vital.

 

Making sure you can identify, authenticate, and effectively control access to resources with the appropriate authority. And log and monitor those processes—that’s critical.

 

Q: How do we begin to solve the “people problem” in security?

Tiller: It will never get solved really. People are people. And humans are just not good at perceiving risk, especially in the digital domain. Nevertheless, for me it’s always been about making it personal—making security mean something to you as an individual.

 

Doing Awareness Training and Security Education for users is good and very helpful. However, what seems to make it “stick” is when they can relate their actions—or inaction—to their own lives.

 

Read more of Jim’s thoughts in the full interview in the latest issue of HP INFORM.

About Jim Tiller

As Director of Security Consulting for the Americas, HP Enterprise Security Services, Jim is responsible for leading the security consulting organization providing comprehensive, end-to-end security lifecycle engagements for our clients. He joined HP from British Telecom as the Global Security Practice Head, and prior to that was VP of Security Services for North America and the VP of Ethical Hacking for BT. Earlier in his career, he was Chief Security Officer for International Network Services, creating the highest NSA-rated professional security services organization in the world, and from 1999 to 2002 he worked at Bell Labs for the advancement of security technologies. As one of the world’s experts, Jim is widely sought for his views on information security: he has written four books on security, contributed to more than 16 other books, and published a wide range of articles and whitepapers.
