The digital transformation of businesses globally, together with the emergence of Smart Cities, is changing the very definition of the security role from a technology-centric one to a more business-centric executive role. This forces security leaders to get more involved and to take responsibility for securing the business processes and operational technologies that control Smart Cities and a nation's critical infrastructure.
The seriousness of any business with regard to security starts with a commitment to invest in a CISO or security executive, even though in some cases existing employees without appropriate knowledge or experience are simply recast in this new role. This is usually done for compliance or as a response to audit findings or recommendations.
The challenges and interactions of CISOs are getting much wider, and risks emerge from across different business domains. Today's security threats come from a more organised crime industry and from nation-state actors, which demands that the CISO understand and manage digital technology adoption and transformation with business objectives and the legal and regulatory landscape in mind.
The modern enterprise demands ubiquitous connectivity and the freedom to work from anywhere, at any time, on any device, making it a virtually perimeterless organisation with humans acting as the perimeter and first line of defense.
CISOs today are becoming part of the "deadliest catch" category (the most dangerous and riskiest jobs), fighting against many unknown and unexpected threats. The only way to succeed against all these threats is to act as a group or community, supporting each other and sharing knowledge and intelligence. While the CISO needs to build trust with executive management through thought leadership, an understanding of business issues and the translation of technology risks into business language, this needs to be supported with the necessary information, reports and actionable intelligence to gain management's attention.
The new generation of CISOs, as executives, are required to be more social and business friendly, with excellent communication and presentation skills, especially as they are now part of boardroom discussions and decisions. CISOs are not expected to be geeks working behind a closed door, trying to secure and protect the business. CISOs who tend to use fear, uncertainty or doubt without interacting with business executives and other teams can be ostracised and might eventually fail.
Here are a few recommendations for our CISO Council members and Security Executives Community to enhance their role.
Connect: Connecting with industry players and peers with similar interests and business risks will allow you to discuss and learn from their successes or failures. Connecting with cross-industry and cross-continental security leaders will also open up new ideas for protection strategies and allow you to be innovative in your own security strategies.
Collaborate: CISO networking platforms and security events are a good source for learning about new technologies and, most importantly, for meeting other security leaders in person. Peer interactions and deliberation help you gain different perspectives on addressing security risks. They also allow you to better manage your security initiatives by learning how different organisations do the same things in different ways.
Contribute / Share: The power of sharing information is invaluable. The only way you can beat the adversary is by learning his techniques and actions. This can be more effective as a community that shares information with each other and through partnerships with industry service providers. CISO roundtables and other closed-door sessions have also proven to be very effective.
Learn: Learning and professional development should be an integral part of individual growth and a way to get familiar with advances in technology and other business practices. The vast experience and knowledge gained by global industry leaders, available through books, courses, conferences and articles, will prove to be very helpful in overcoming challenges against all odds.
The current demand for security executives and the lack of availability will force organisations to invest more in external support and to train internal leaders. The future CISOs or next-generation security executives will emerge from various disciplines and experiences.