If you could go back and change one career decision, what would it be?
It’s difficult to nail down to one decision, but I probably should have been more politically astute with my opinions in the past. There have been times when I’ve thrown politics to the wind and said exactly what I think to the wrong people.
What do you currently identify as the major areas of investment in your industry?
DevSecOps and privacy. DevSecOps is the next generation of DevOps. This is when the developers are running security testing and involving the security team while they’re designing the code. That way, when a project gets to production, you know the security is baked in. It’s critical to continue pushing security to the left and integrating it into the earliest stages of software and product development. Our biggest security challenges right now lie in supply chain and infrastructure weaknesses.
Data privacy regulations are rapidly spreading across our individual states and other countries; soon every state in the US will have an individual privacy law and we’ll be seeing the equivalent of GDPR at the federal level. These need to be addressed with both technology and legal investments.
What are the region-specific challenges when implementing new technologies in North America?
Once again, I have to talk about privacy. With the rapidly changing regulations across North America and Europe, it is important to not be left behind in your technology or philosophy. Even though this question is specific to North America, the worldwide privacy laws being put in place and modified have a big effect since doing business in just North America is not realistic. Your local implementations must reflect a global attitude.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
In the past year we transitioned from a purely remote function back to an in-office and hybrid situation for my team. This is just as big of a challenge as our initial push to go 100% remote at the beginning of the pandemic.
The other big change has been focusing on serverless environments and freedom from protecting the hardware and OS level. This allows for more abstract thinking in the security architecture. I don’t see hybrid teams changing much in the next 12 months, but more abstracted operating environments will continue becoming more and more prevalent until nothing else makes any sense.
What advice would you offer somebody aspiring to obtain a C-level position in your industry?
For a CISO, ‘your industry’ means something different because you always have to include Information Security globally as part of your industry. For example, with Voice of the Customer specifically, I think that understanding your customers’ business and data needs is first. For Information Security, you absolutely must develop an understanding of all the different technical disciplines as a base (networking, applications, APIs, compliance frameworks, local and international laws and regulations, databases, software development, cloud, infrastructure, etc.).
A good CISO must be able to blend a deep understanding of business and financial concepts with legal, technical and human considerations, to create a solid risk model to guide the rest of the C-level staff in their decisions. Lastly, developing and demonstrating excellent communications and leadership skills is more important than any other C-level function.
72 www.intelligentciso.com