Posted by pritha on May 9, 2022 at 10:41pm in Blog
Interesting lessons learned during the journey of cyber war and peace, and areas of learning in the life journey of a leader and professional.
About Speaker
Nick has 25 years of experience, from the digital battlefield to 21st-century technology adoption. He combines disciplined execution with creative improvisation for better security risk management outcomes.
Bikash Barai is the Co-Founder of FireCompass, an AI assistant for IT security decision makers. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital. He is also an early advisor at CISO Platform.
Posted by pritha on May 9, 2022 at 10:28pm in Blog
What should a CISO do in the first 90 days of his new role? It's all about the journey of a CISO. Split the tenure into a few segments for understanding the current security situation in the organization, putting together a strategy, and execution. Focus on understanding your key roles in the first 7 days and the first 30 days within the 90 days. Learn more from our speaker, the CISO of NTT Research. He's also writing a book on this soon.
About Speaker
Matthew Irelan is the CISO at NTT Research. Matthew is a proven strategic leader with a diverse background across many domains including executive consulting, healthcare, manufacturing, financial/banking industries, and emergency services (Law Enforcement, EMS, and Fire/Rescue). I love leading teams through culture change, fixing complex business problems, and driving profitable revenue growth.
Bikash Barai is the Co-Founder of FireCompass, an AI assistant for IT security decision makers. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital. He is also an early advisor at CISO Platform.
Fireside Chat (Recorded)
Executive Summary (Session Highlights):
Building Relationships and Preparing for Day One: This session emphasized the importance of relationship-building and early research for incoming CISOs. Preparation begins before day one by studying the organization's business strategy, understanding key stakeholders, and building trust with peers and leaders. CISOs should seek to grasp the company culture, revenue models, and leadership dynamics through resources like LinkedIn and direct conversations.
Key Priorities in the First Week: The initial week focuses on foundational activities like onboarding, understanding organizational dynamics, and creating a sense of belonging. CISOs should establish relationships with team members, identify key influencers, and familiarize themselves with the business environment. Early efforts should align with understanding immediate operational and strategic priorities.
Understanding Business Strategy in the First Month: In the first 30 days, CISOs must prioritize learning the business inside out. Strategies include analyzing key revenue sources, understanding major business metrics, and identifying critical organizational milestones (e.g., acquisitions, product launches, or IPO plans). Building relationships with leaders in finance, manufacturing, and other departments provides insight into what drives the business and uncovers potential risks.
Aligning Security and Business Goals: The session highlighted the necessity of framing security initiatives in terms of business outcomes. CISOs were advised to shift their focus from technical jargon to business language, aligning security strategies with key business objectives. For example, framing data security as a method to ensure customer trust and financial stability enhances collaboration with non-technical stakeholders.
Inventory and Gap Assessments: Creating a complete and accurate inventory of people, processes, and technology is critical. This includes identifying data locations, understanding data flows, and mapping team strengths and weaknesses. Gap assessments help align existing security measures with organizational needs, ensuring a focused approach to mitigating risks.
Challenges in Data Discovery and Access Management: Data inventory and access reviews were cited as ongoing challenges. Shadow IT and unknown data repositories present significant risks. The session stressed the importance of using both tools and personal interactions to uncover hidden data and foster collaboration with business leaders for effective security management.
Navigating the Language of Business vs. Security: Successful CISOs bridge the gap between business and security by learning to speak the language of their stakeholders. Rather than imposing technical solutions, they must listen, adapt, and align security goals with broader business strategies. Building trust and showing humility were highlighted as key enablers in this process.
Mentorship and Continuous Learning: The session underscored the importance of mentorship and ongoing professional development. Exercises like identifying gaps between current skills and desired roles can guide career advancement. CISOs were encouraged to focus on strategic thinking and leadership to become valuable business partners.
Posted by pritha on May 9, 2022 at 10:01pm in Blog
Operational Technology cyber risk is a growing problem for organisations in the manufacturing, infrastructure, energy, resources and logistics industries. The increased adoption of digital technologies to drive productivity and increased connectivity with suppliers and customers have resulted in a growing digital footprint and associated cyber threat across the operations value chain. We will analyse practical steps organisations can take across mitigation and insurance, and explain how to address key exposures and stakeholder needs.
About Speaker
Anthony drives the WTW risk and analytics service in Australasia to help clients across their full journey of improving cyber risk awareness. He has a deep understanding of the quantification and financial impacts caused by cyber events. He has triaged major cyber claims and coordinated the incident response and management of over 400 cyber incidents.
Rob is an experienced cyber security leader who has held senior executive leadership positions where he has built and run information security capability across multiple industry sectors. He has been highly engaged with industry bodies including the Australian Information Security Association (AISA) and the Information Systems Audit and Control Association (ISACA).