Intelligent CISO Issue 40 - Page 72

GO PHISH

GO PHISH

everyone and definitely not me . It took a huge toll on my mental and physical health . I should have hung it up sooner and moved on .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
The industry should be investing more in people . And by that , I mean growing and training the cybersecurity experts of the future . There are so many good folks out there and not just in the technology field , that would do very well in cybersecurity roles . Many of them are deep within our organisations and just need to be tapped , motivated and educated . It ’ s disingenuous for companies to cry that there ’ s a cyberskill shortage when they aren ’ t doing anything to raise up the folks inside their own ranks .
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions ?
US leverages a lot of tech for retail , so we see a lot of credential stuffing and online fraud . Whereas another region may be deeper into FinTech or delivering government services via technology , or even mobile . This is where we see more regional differences in compliance , which also will overlay on the tech and security deployments .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
My current role is carrying out threat research and talking with security leaders to develop intelligence for the security community . I ’ m not in what you ’ d call a typical cybersecurity role . I do see changes in what people are interested in with respect to content and conversation . There ’ s a lot more interest in DevSecOps , cloud security and moving to Zero Trust .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
Learn to speak in terms of the business that you ’ re going to be working in . No one in a C-level position is going to want to hear arcane technical talk or abstractions . And every organisation cares about different things . Understand the value flows of your organisation and think of all your work in the context of that . The more you can translate cyberrisks into things your C-levels are used to dealing with , the more they will listen to you . u
We have seen some difference in cyberattacks by region . I think a major factor impacting this is which technology platforms are being used and in what ways . For example , the
72 www . intelligentciso . com