Intelligent CIO North America Issue 21 - Page 80

I feel the worst thing for the industry is the lack of understanding around AI and ML .
very few understand how to use it or how to apply its outputs properly . This is something I ’ ve definitely identified as a talking point in the cyberspace .
How do you deal with stress and unwind outside the office ?
It brings me great joy to finish work and spend quality time with my family , especially with my two youngest children . I ’ m also an avid sports fan ; I can ’ t get enough of watching and playing football and golf .
If you could go back and change one career decision what would it be ?
Honestly , I wouldn ’ t change a thing . Every step I ’ ve taken along the way got me to where I am now and where I need to be . While there have been challenges and missteps , I am grateful for all the things I ’ ve experienced , all the people I ’ ve met and all the knowledge that has come from those interactions .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
I see a lot of investment being made in Cloud Security Posture Management ( CSPM ). I also see challenges in leveraging the native tools and visibility from core cloud providers paired with organisations trying to move fast in the space .
If I think about security as managing pre-flight activity ( DevSecOps ), in-flight activity ( network and log analysis ) and post-flight or environment state ( asset management , policy management , etc .), CPSM provides a relative ‘ easy option ’ for post-flight .
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions ?
I recommend a general approach to leveraging regional compliance requirements as a basis for innovation . Rather than managing the specific regions , I ask myself : are we able to execute security initiatives that provide broad coverage of all required controls ?
While it may require additional resources , I believe that effective control implementation creates whitespace for defenders to mature their protection , detection and response mechanisms and that managing this as a complete program rather than at a regional level reduces randomization and improves the overall efficiency of this cycle .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
I am just at the 12-month mark as a CISO so I ’ ve not seen much unexpected change ; however , I anticipate greater parity between business objectives and security objectives as time progresses .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
It ’ s important to be vulnerable and not afraid of failure . If there is one single truth in cybersecurity , it is that at some point , the adversary will win .
If we take that mindset and look at failures as our route to learning what ’ s required to minimise the future impact of adversarial activity , we will all be better for it .
Additionally , cybersecurity professionals must determine ways to convert the learnings from those failures into institutional memory . In order to improve cyber-resilience , we must disseminate those learnings in ways that weave it into the cultural and operational fabric of the institution at large . p
80 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com