‘We’ll Always Have Paris’: Key Takeaways from ISSE Conference 2016 on Digital Identity

The 17th annual ISSE Conference 2016 took place in the heart of Paris, drawing cybersecurity professionals from across the globe. This year’s event zeroed in on digital identity as the central theme, with speakers and attendees dissecting its growing influence on internet security, interconnected systems, and everyday life. Over two packed days, the conference delivered a mix of technical deep dives, strategic debates, and forward-looking insights that continue to resonate today.

If you missed the action, don’t worry—we’ve captured the most memorable moments and actionable ideas from the event. From the silent revolution of the Internet of Things (IoT) to the unique challenges faced by security teams, here’s what stood out.

Why Digital Identity Dominated the Agenda

Jon Shamah, chairman of EEMA, set the tone early in his welcome message: “This is the Year of Identity and Security, and ISSE has never been more relevant.” He argued that digital identity has moved from a niche concern to a center-stage issue for organizations worldwide. This claim was backed by sessions exploring how digital identity shapes online trust, impacts interconnected relationships, and introduces new vulnerabilities.

One particularly engaging panel examined the ripple effects of ever-increasing identities—from social media profiles to corporate access credentials. The consensus was clear: as identities multiply, so do the risks of fraud, impersonation, and data breaches. Yet, the conference also highlighted opportunities, such as machine-based learning technology that can automate identity verification and threat detection.

For a deeper look at how identity management is evolving, check out our guide on digital identity best practices for modern enterprises.

Security Team Challenges: Scaling Without Burning Out

Mohit Kalra, senior manager of secure software engineering at Adobe, delivered a standout presentation on the hurdles security teams face today. He identified three primary obstacles: scaling security work within small teams, managing diverse and growing product portfolios, and balancing business-critical products against legacy applications.

However, Kalra didn’t stop at problems—he offered a three-step solution. First, establish a minimum security bar with baseline tasks for every team. Second, treat security as a shared responsibility across the organization, not just the security department. Third, set up product teams for success by embedding security practices early in development cycles.

“Security is about making choices,” Kalra emphasized. “You don’t fix everything in one day. The real question is: who do we engage with the most, and how do we prioritize that time?” This practical advice resonates especially for startups and mid-sized firms struggling with limited resources. For more on building resilient security teams, read our article on cybersecurity team building strategies.

The Silent Revolution of the IoT

Andreas Ebert, Microsoft’s regional technology officer for Western Europe, described the IoT revolution as “almost a silent one.” He explained that most IoT activity happens beneath the surface—embedded in everyday objects like smart thermostats, wearable devices, and industrial sensors. The scale of this shift is unprecedented, driven largely by falling device costs that make IoT accessible to more consumers and businesses.

Yet, with scale comes risk. Ebert highlighted security challenges including insecure design, disclosure of personal information, and limited update capabilities. These issues must be addressed, he argued, to unlock the full benefits of IoT—such as improved threat identification, better decision-making, and enhanced availability of services.

Building on this, a later session explored how machine learning can help mitigate IoT risks by detecting anomalies in real-time. This combination of innovation and caution was a recurring theme throughout the ISSE Conference 2016.

Spies, Fake Identities, and Digital Credibility

Dave Birch, director of innovation at Consult Hyperion, took a refreshingly unconventional approach. He challenged digital identity experts to consider a thorny question: how do you build an identity system that accommodates legitimate fake identities—for spies, undercover agents, or people in witness protection?

Birch noted that while it’s “easy to make a fake passport,” creating a convincing fake Facebook profile without detection is extremely difficult. In today’s world, credibility is often verified through social media, LinkedIn accounts, and other digital footprints. But what about individuals who have genuine reasons to hide their true identity?

“Spies are perfectly legitimate,” Birch said. “If you’re going to come up with a plan for the future of digital identity, your plan has got to fix both problems—protecting fake identities for legitimate users while preventing fraud by ordinary people.” His talk sparked lively debate about the ethical boundaries of identity systems.

Data Protection Failures and Rising Enforcement Trends

Jacqueline Zoest, a barrister at Campbell Miller, closed the conference with a sobering look at data protection failures. She referenced high-profile breaches at TalkTalk and Sony Pictures, noting that monetary penalties for data breaches are on the rise. “They do seem to be increasing,” Zoest observed, adding that complementary audits are becoming more prominent as a result.

One key factor influencing fine amounts is an organization’s behavior after a breach. “An aggravating factor that would increase the fine is a lack of cooperation between the organization and the ICO,” she explained. This includes refusing voluntary audits. Zoest suggested a growing trend toward collaboration between regulators and companies, aimed at changing behaviors to prevent future breaches and avoid hefty fines.

For organizations looking to stay ahead of enforcement trends, our resource on data breach response planning offers practical steps to mitigate legal and financial risks.

Looking Ahead: What ISSE 2016 Taught Us

The ISSE Conference 2016 in Paris was more than just a gathering—it was a snapshot of an industry in transition. Digital identity is no longer a back-office concern; it’s a strategic priority that touches every aspect of cybersecurity. The event underscored the need for collaboration, whether between security teams and product developers, regulators and organizations, or even identity systems and spies.

As we reflect on these highlights, one thing is clear: the conversations started in Paris are far from over. They continue to shape how we approach identity, security, and trust in an increasingly connected world.

How to Handle Security Stakeholders: Avoid These Common Pitfalls and Build Trust

Managing a cybersecurity initiative is no small feat. IT and security leaders must collaborate with a wide range of stakeholders — from employees to the board — to define the strategy, secure approval, and maintain momentum. Learning how to handle security stakeholders effectively is essential for any project’s success. Without their confidence and commitment, even the best-laid plans can quickly unravel. Yet, many professionals fall into predictable traps that undermine trust and progress. Here’s how to recognize and avoid these common mistakes.

Why Stakeholder Alignment Matters in Cybersecurity

Cybersecurity touches every part of an organisation. As a result, it requires buy-in from multiple groups: executive leadership, department heads, IT teams, and end users. When stakeholders feel informed and involved, they are more likely to support the strategy and allocate the necessary resources. Conversely, poor communication or misaligned expectations can lead to delays, budget cuts, or outright failure. Therefore, mastering the art of stakeholder engagement is not optional — it is a core competency for modern security leaders.

Common Mistakes and How to Avoid Them

Mistake 1: Dropping Communication After Initial Approval

One of the most frequent errors is to stop updating stakeholders once the project is greenlit. Leaders assume that everyone is on board and will stay that way. However, circumstances change: new threats emerge, technologies evolve, and priorities shift. Without regular updates, stakeholders may feel left out or become anxious about progress.

Solution: Establish a consistent cadence for check-ins — monthly or quarterly. During these meetings, share what is working, what isn’t, and what the next steps are. This transparency builds confidence in your team’s ability to adapt. It also provides a safe space for stakeholders to voice concerns before they escalate into bigger problems.

Mistake 2: Sticking to a Failing Strategy

IT leaders often feel pressure to stick with an approved plan, especially after significant capital and resources have been committed. But reality rarely matches the blueprint. New vulnerabilities, adversarial tactics, and technological shifts demand flexibility. Clinging to a flawed approach can waste time and money.

Solution: Do not be afraid to flag issues early. Reach out to stakeholders for feedback — this is your opportunity to lean on their expertise. Adjust your strategy as needed and communicate the changes clearly. Remember, a plan is a starting point, not a prison.

Mistake 3: Keeping Employees in the Dark

Users are often the weakest link in cybersecurity. Research shows that just 1% of employees account for 75% of security risk. If staff do not understand why security matters or how their actions affect the organisation, they are more likely to make costly mistakes.

Solution: Open up communications with the entire workforce. Hold education and training sessions before launch and throughout the project lifecycle. Explain what the organisation is doing to protect data and reduce risk. Gather insights on the tools employees use, then adapt your strategy to enable productivity while keeping assets secure. When users feel included, they become allies rather than liabilities.

Mistake 4: Using Fear to Win Over the Board

Board members can be the most intimidating audience. Security projects often come with high costs, and directors may resist spending. In response, some IT leaders resort to scare tactics — highlighting worst-case scenarios and terrifying breach statistics. While fear can grab attention, it rarely sustains long-term support.

Solution: Focus on the positive business outcomes that cybersecurity enables. Talk about how a robust security posture supports growth, customer trust, and competitive advantage. It is fine to mention a recent breach or potential costs, but do not let fear dominate the conversation. Frame security as an investment, not just a necessary expense.

Mistake 5: Failing to Kill Failing Projects

Some projects simply will not work, no matter how much effort you pour into them. The natural instinct is to try harder, fix the problems, and push through. However, this can lead to escalation of commitment — throwing good resources after bad.

Solution: Treat failure as a learning opportunity. Debrief with stakeholders on what went wrong, refine your approach, and be willing to start over. Align on what is best for the business, and do not hesitate to end a program that is not delivering value. Knowing when to cut losses is a sign of strong leadership.

Building Long-Term Stakeholder Trust

Ultimately, learning how to handle security stakeholders is about building relationships based on transparency, adaptability, and mutual respect. By avoiding these common pitfalls, you can foster an environment where stakeholders feel heard, informed, and confident in your decisions. For more insights on cybersecurity leadership, explore our guide to security governance and learn how to communicate effectively with the board.

Remember: cybersecurity is a team sport. The more you engage your stakeholders, the stronger your defence becomes.

Everything You Need to Know About RDNH and Protecting Your Business Domain

Your domain name is more than just a web address — it’s your digital storefront, your brand’s anchor, and often your first impression online. Without it, customers would need to memorize strings of numbers to find you. So when someone tries to take that identity away, the stakes are enormous. This is where reverse domain name hijacking (RDNH) enters the picture, a growing threat that every business owner should understand.

What exactly is RDNH? Simply put, it’s a tactic where a person or company falsely claims that a domain name was registered in bad faith — even though they have no legitimate right to it. The goal is to force the current owner to hand over the domain, often after a failed purchase attempt. As ICANN’s UDRP rules define it, RDNH is a finding of bad faith by the complainant, not the domain owner.

How Does Reverse Domain Name Hijacking Work?

RDNH typically unfolds through the Uniform Domain Name Dispute Resolution Policy (UDRP), a legal framework designed to resolve domain disputes. A complainant files a case alleging that a domain infringes on their trademark or brand rights. However, if the panel determines the complaint was made with malice — to harass or steal the domain — it can declare the case as RDNH.

This means the accuser, not the domain owner, is the one acting in bad faith. For example, a large corporation might target a smaller business that owns a domain similar to their brand name, even though the small business registered it legitimately and has no intention to profit from confusion. The corporation then uses legal pressure to try to seize the domain without paying market value.

RDNH vs. Cybersquatting: Key Differences

Many people confuse reverse domain name hijacking with cybersquatting, but they are opposite sides of the same coin. Cybersquatting involves registering a domain name that resembles a trademark with the intent to sell it at an inflated price. RDNH, on the other hand, is when a trademark holder abuses the UDRP process to take a domain they don’t deserve.

As the WIPO Arbitration and Mediation Center notes, RDNH findings have increased in recent years, highlighting the need for vigilance. While cybersquatting is about profiting from someone else’s name, reverse domain name hijacking is about stealing through legal threats.

Why Your Business Should Care About Domain Disputes

Domain disputes can disrupt your operations, damage your reputation, and drain your budget. Even if you win a UDRP case, the legal costs and time lost can be significant. Moreover, a bad-faith claim can force you to prove your innocence, which is stressful and distracting.

Therefore, prevention is your best defense. Start by choosing a domain name that is unique and not easily confused with established trademarks. Avoid generic terms that could trigger disputes. Also, register your domain with a reputable provider that offers protection features, such as Cloudflare Registrar or Namecheap, which include WHOIS privacy and domain locking.

Practical Steps to Shield Your Domain

• Use a strong, unique name: Avoid common words or obvious misspellings of big brands.
• Register multiple extensions: Secure .com, .net, and .org versions to prevent squatters.
• Enable domain privacy: Hide your personal information from public WHOIS databases.
• Monitor trademark filings: Stay alert to new trademarks that might conflict with your domain.
• Keep records: Document your domain registration date, use, and any communications related to it.

What to Do If You Face an RDNH Claim

If someone files a UDRP complaint against you, don’t panic. First, consult a legal expert specializing in domain law. Respond promptly with evidence of your legitimate use of the domain. Highlight any bad-faith actions by the complainant, such as prior purchase offers or threats.

Remember, the UDRP panel can award costs if they find RDNH. This discourages frivolous complaints. In addition, building a strong case around your domain’s history and your good-faith registration will help protect your rights.

Ultimately, understanding reverse domain name hijacking empowers you to defend your digital asset. By staying informed and proactive, you can avoid costly disputes and keep your online identity secure.