Intelligent CISO Issue 32 | Page 72

GO PHISH
A definite benefit to working from home is the added time I have been able to spend with my family . networks , so they ’ re investing in security which doesn ’ t depend on a hub-and-spoke data centre architecture .

GO PHISH

from home is the added time I have been able to spend with my family . I do also like to spend time in my home gym as I find exercise is a fantastic way of refocusing and unwinding .
I also spend some of my spare time reading books that are related to the job , either directly or indirectly . Right now , I ’ m reading a great book on risk-centric threat modelling .
If you could go back and change one career decision what would it be ?
I genuinely choose not to have regrets . All the decisions have been opportunities to learn and improve , and without these I would not be where I am today . Security in particular is an industry where you have to try a lot of different things and might face some setbacks , and having regrets can make you less likely to be creative .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
CISOs continue to tell me that they struggle with the cybersecurity basics . As a result , they ’ re investing in three foundational areas : Zero Trust , data protection , and endpoint visibility and control , to help protect the distributed workforce .
Zero Trust : Organisations want to minimise their reliance on corporate

A definite benefit to working from home is the added time I have been able to spend with my family . networks , so they ’ re investing in security which doesn ’ t depend on a hub-and-spoke data centre architecture .

Data protection : Companies are generating an increasing volume of data and separating what ’ s relevant from what isn ’ t is a growing challenge in the industry . Understanding the critical information within systems is a crucial prerequisite to reducing enterprise risk . Companies are turning to tools which can identify sensitive data at rest and in transit , along with solutions for data minimisation and obfuscation .
Distributed Workforce : The shift to home working has created an explosion in potentially unmanaged remote endpoints , which could create dangerous visibility gaps . Most ( 55 %) IT leaders we spoke to recently argue that these gaps could leave them exposed to cyberattacks , and 23 % are concerned about non-compliance fines .
That ’ s why we ’ re investing in technology to help organisations close visibility gaps in their IT endpoint environments , as the workplace continues to evolve .
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions ?
Every region differs when it comes to cybersecurity . That ’ s why it ’ s important for CISOs to spend time with their regional leaders to understand the current landscape and the security , IT and compliance challenges that each region faces . This knowledge can then be incorporated into the wider global CISO strategy .
The cybersecurity industry is still – in some countries , companies and verticals – struggling to shake the stigma of being a ‘ department of no ’. Ensuring that the security leader is acutely aware of local cultural requirements is vital in the delivery of cybersecurity controls for enterprise risk reduction . Also , the privacy and compliance laws of each country are too different to allow for just one approach .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
We took the decision to build a global cybersecurity team at Tanium , so my role has grown over the past 12 months . While most vendor CISOs are external-facing only , focused on customer advisory engagements , we have put everything related to security under one team . This centralisation has allowed us to define an overarching strategy for cybersecurity .
Consolidating our internal and externally-facing security functions allows Tanium to better serve its customers , providing good practice recommendations on using Tanium ( the platform ) and our partner ecosystem .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
People skills are crucial , so it makes sense to develop this part of your repertoire if it ’ s something you feel needs work . Listen to the people you work with , take them for coffee and show them your care . You also have to have a continued thirst for knowledge within the cybersecurity industry . Get in the lab , build things and break them down again . The best C-suite staff I know thoroughly enjoy working in their industry because if you don ’ t , you get exhausted . Passion for the industry is vital . u
72 www . intelligentciso . com