Intelligent CISO Issue 43 - Page 72

GO PHISH
The market is extremely crowded and it ’ s hard for organisations to determine what cybersecurity solutions they need to meet their business objectives .

GO PHISH

not to say I haven ’ t made some poor decisions along the way , but ultimately , I ’ m here today because of them and I continue to learn from those experiences .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
A lot of investment is being driven by Digital Transformation strategies which , while undoubtedly beneficial , create a broader attack surface . At the same time , the correlation between prevention , detection and response is being more widely recognised , resulting in increased investment in Managed Detection and Response ( MDR ) services and the associated technology which combines human analysis , AI and automation to rapidly detect , analyse , investigate and actively respond to threats .
I think part of the reason we ’ re seeing such growth in this area is the acknowledgement that the right solution will not only strengthen cyber-resilience , but it can also help to consolidate security tools and increase the RoI of security operations .
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions ?
It largely comes down to regulations , as these differ from region to region . For example , EMEA has a lot less regulations than North America , which has much more standards for cybersecurity such as the NIST Cybersecurity Framework . In other parts of the world , differences are more likely to be driven by the country ’ s economic status and activities .
The challenges in an emerging market and third world country are also very different to that of the first world countries . For example , many Ransomware-as-a-Service groups won ’ t target specific geographic regions , so it ’ s less of a concern in those countries .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
Education has been a major focus for us over for the last six months and I expect

The market is extremely crowded and it ’ s hard for organisations to determine what cybersecurity solutions they need to meet their business objectives .

this to continue for the next year . The market is extremely crowded and it ’ s hard for organisations to determine what cybersecurity solutions they need to meet their business objectives . It ’ s recognised that there ’ s no one-size-fitsall approach to cybersecurity , so we ’ re working with more and more companies to perform cyber assessments and make tailored recommendations .
At the same time , MDR is still in its infancy , which means it ’ s open for interpretation by different vendors and organisations . Over the next year or two I expect we ’ ll see more standardisation of these services .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
The one piece of advice I ’ d offer is to make cybersecurity a business enabler as this is what will differentiate leaders that succeed against their rivals .
This means aligning security transformation and Digital Transformation in support of the business strategy and objectives to really push the business forward . u
72 www . intelligentciso . com