Intelligent CISO Issue 13 - Page 53

COVER STORY The CISO community is very small. Everyone thinks it’s this massive beast but it’s actually not and we really need to protect each other and that’s now starting to filter through. you add the tech at the end. People buy technology thinking it’s a silver bullet and that’s a very dangerous and naive place to be.” level. For 14/15/16-year-olds, before they go into doing their GCSEs, A-levels and degrees we need to be saying ‘guess what, there is a whole career here and you don’t actually need to go down the university route if you don’t want to, there are different ways to do it’. “Law firms typically pick out future staff during GCSEs and A-levels and certainly in advance of any university placements. We need to be doing that in this industry but even earlier.” The biggest threats keeping CISOs awake at night “Behaviour is a big one. And not necessarily malicious behaviour but accidental behaviour, not realising what you’re doing is going to create a huge problem for us,” Walmsley says. Nation state attacks, he adds, are leaving CISOs ‘terrified’. “Because there is no way of preventing those. If they [the attackers] want to get in, and you’re targeted, it’s | Issue 13 We have to invest in the future and schools at proper grassroots level. going to happen. So it’s all about how you deal with the aftermath of it.” There are many vendors in the cybersecurity sector – how should CISOs deal with that? “Mostly CISOs inherit stacks of technology that are difficult to manage – we’re constantly looking at consolidation,” Walmsley said. “Top tips, don’t look for point solutions, look for something that’s more holistic. “The second thing is that it’s not all about technology. You’ve got to start with the people, then the process, then CISOs also need to work with vendors as many are diversifying and able to work on specific business cases to meet individual needs. He added that it’s also important to have trust in the people you’re working with. “We don’t talk about suppliers we reference partners and the relationship is as important as the technology,” he said. Advice for aspiring CISOs “I think the role of a CISO is changing. For me, it’s becoming much less of a technical role and much more of a business advisory role. “So rolling it all up together I’ve got a view of what the footprint looks like with risk and my job now is to advise the business on options and preferences. “I think CISOs also need to recognise that you can’t talk in technical terms to your board. And if you’re saying to your board you now own the risk, can I advise you, which is what we should all be doing, then the role of the CISO needs to change.” u 53