itb-nz logo
Story image

When it comes to security... HP's cyber chief calls for all hands on deck

26 Nov 2013

"Which alligators do I get out of the swamp first" asks Betsy Hight, vice president, Cybersecurity Solutions Group, HP.

"The ones biting my ankles or the huge ones sitting by the side of the lake?"

A retired Navy Rear Admiral, Hight is well-versed in fighting attacks, whether it be on the high seas or in the unknown world of cyber space.

Leading a team of cybersecurity experts at HP, Hight is under no illusion of the risks organisations are facing on a daily basis.

"As we look back over trends the biggest threat facing organisations today is applications," says Hight, who joined HP in 2010 as the lead of the US Defense Command and Control Infrastructure Practice.

"Five years ago we tried to protect the perimeter but we don't actually have that much of a perimeter anymore.

"Everyone is moving in and out of organisation networks which has driven us to the greatest threat at present - applications.

"It's my personal opinion, and I strongly believe it will become even worse with the rise of mobile applications."

Tasked with delivering strategic cybersecurity solutions to HP clients, through many years of experience in assisting US defence clients in transforming their IT environments, Hight is unwavering in her belief that organisations can no longer afford to harbour reactive approaches to security.

"Organisations must make prioritisation decisions which are relative to the problem," Hight advises.

"But if companies swing too far on either side they will incur problems either now or later down the line."

Hight acknowledges however, that times are changing and companies are beginning to seriously sit up and take notice.

"Everybody is beginning to pay attention," says Hight, who joined the Navy in March 1977, serving in various staff, operational and command positions until her retirement in 2010.

"Whether it be through reading it in the media or experiencing cyber threats personally, people are finally beginning to take an interest in issue for sure."

Previously, Hight served as the vice director of the Defense Information Systems Agency (DISA), a worldwide organisation of more than 6,600 military and civilian personnel.

During her role, Hight was responsible for planning, developing and providing interoperable, global net-centric solutions that serve the needs of the President, the Secretary of Defense, the Joint Chiefs of Staff, the combatant commanders, the military departments and other U.S. Department of Defense (DoD) components.

As a result, Hight promotes a forward-thinking philosophy, a philosophy shining through across HP's cyber security division.

"At HP, we don't rely on a checklist," Hight says. "We rely on continuously monitoring over time how risks might manifest themselves and how the outcome of the agency will react to the risk in the cyber domain.

"We're not about selling a widget or somebody's time on the counter - we're about understanding, education, mitigating and eventually eliminating the threat.

"What sets us apart is that we don't come in and claim to be able to solve all the problems across an organisation."

Also serving as DISA’s principal director for Operations and deputy commander, as director of Operations, Hight was responsible for providing command, control, communications and computer support to the nation’s warfighters.

During over 30 years of service, Hight has overseen dramatic changes within the cyber security environment, experience she draws on in her new role working for one of the technology's most trusted brands.

"Risks change," Hight admits. "Even five years ago the threats were very noisy and you could find them easily.

"Now they are patient and very quiet, staying within your domain for as along as they please.

"As a result the old-fashioned quick in and out cyber security engagement is absolutely the wrong way to approach it.

"It is important to discuss the ecosystem or external threats which have nothing to do with cyber because if we don't start there and end up at technology we've started it at the wrong place."

Hight insists HP's approach differs to its competitors in that they uncover what an organisation is trying to accomplish and what would be the biggest barrier for them accomplishing it.

"At HP, we sit down with the client and ask: What is it you are trying to protect and what is it you're trying to achieve?

"Most clients haven't had the time to sit down and think about that because like everybody else in this world, their inbox is full and their telephone is ringing off the wall but those are truly the most important questions.

"It's not our answer that matters, it is theirs."