Introducing SCS Speaker Lydie Ngo Nogol
The dumb programmer is a prominent character in security lore. But developers and system engineers have their own traditions and the stubborn security officer plays an equally important part in their camp fire stories. We could accept this as a given and leave it at that. But it would also mean accepting the bill that this gap between developers and security teams brings: a lot of hidden costs at many levels.
Security people don’t trust the system engineers citing a bad track record and projects are delayed (or stopped!) because of this. Database administrators jump through hoops to meet futile requirements that do not address the real problem. Developers hide their dirt from the security officers so they can meet the deadlines and the only thing that DevOps changes is providing the teams with more frequent opportunities to clash.
It’s a structural problem: It is not the evil programmer or the hidden agenda of the security officer that kills a project. It is more of an epic battle where all the characters play the role that fate has assigned them, like ancient Greek myths if you want.
The difficulty is breaking free from this structure and coming up with a different story: Ideally, a story with less battle and more cooperation in order to succeed as a business or institution. A collaboration fostering mutual trust and confidence.
Our speaker Lydie Ngo Nogol knows this game by heart. She started her career as a network security engineer in a Telco company without a real security team. So not only did she need to introduce a basic security culture into a thriving business (why bother with security at all?), but she also had to do so without the power to say NO that CISO roles typically come with.
But she mastered this and many other challenges to rise to head of information security. Lydie runs her company’s security awareness program. She makes sure the company meets the regulatory requirements with regards to security and data privacy. She created a vulnerability and security incident management program and she is now extending the cyber security operation center of her employer.
You could argue this is a business success, but hardly proof of a decent track record in the security domain. So let me stress that she also brought security into the board room. And everybody who has ever worked on that level knows that the board’s agenda is generally better defended than the SSL keys for the company’s website.
And she says the key to this success is communication. It’s a way to foster an exchange of needs and constraints between developers, operators, business leaders, architects and the security staff. Contrast this to her declaring she is more of an introvert! I’m looking forward to meet her face to face and to see if this is true.
Lydie Ngo Nogol currently works as a head of information security for MTN Cameroon, a mobile service provider with 7 million customers. She is a person to watch and we invite you to follow her presentation at Swiss Cyber Storm on October 30, 2018.
More about Lydie Ngo Nogol:
- Twitter: @Lydie_No
- Linkedin profile: Lydie Nogol
- IT WEB Africa article about Lydie Nogol: Back to Basics – The Best Approach to Vulnerability Management