COVER STORY
business people that is important to the
group. At the same time, I need to be a
good people manager, making sure my
team is growing, getting the training and
appropriate engagements needed.
How do you approach talking
to the board – proving ROI is a
challenge, how do you deal
with that?
At board level, you should find the best
time to give the message. Sometimes for
cybersecurity there’s limited resources
and time for giving presentations.
One of the key challenges is that I need
to have a crisp message in a very short
format. If it goes well, then it will open up
longer discussions. It means that there
is a real importance in grabbing their
attention while you have the chance to
push forward a wider discussion.
For ROI, one of the good examples is
cyberawareness. How can you make
sure that awareness is something which
makes a long-term difference and make
an impact?
If you have an investment for checking
certain cybersecurity measurements
you should prove that it is getting
better and I think that, for all CISOs,
this is a big challenge.
I am very keen to ensure we have a
diverse workforce (male/female). I think
that the more diverse the workforce, the
more value offered to the company. Communication is very important
for CISOs but what other advice
would you give to people who
would like to be in your position?
What kind of data does the
company need to secure? I think the most important advice is that
the CISO role is there to support the
business and so you really do need to
understand the business requirements.
We are an oil and gas company so we
are working on downstream, upstream
as well as consumer-related data.
What about the role of a CISO?
How has that changed?
Even during my period [as CISO], I
can feel changes. While my previous
bosses were technology focused, what
I feel is that I now need to be more
business agile, more understanding
of the business and how it works and
how can I find the right solution for the
www.intelligentciso.com
|
Issue 15
Secondly, try not to threaten people.
Try not to show that it is going to be the
end of the world. You should find the
business need and then deep dive into
the cyber issue.
What in your view are the big
threats right now?
Cybersecurity intrusions like ransomware
activities. Then, a huge challenge not
just for us but for everyone, are the
At board level,
you should find
the best time to
give the message.
Sometimes for
cybersecurity there’s
limited resources
and time for giving
presentations.
phishing related threats. Also, making
sure all PII and consumer and business
data is protected.
Can you talk about any recent
technology deployments or how
you’ve worked with RSA Security
for example?
RSA is one of the main vendors within our
organisation, supporting cybersecurity
detection response capabilities. We
leveraged RSA’s technical, as well as
procedural expertise, concerning IT and
OT cybersecurity.
Together we developed multiple
MOL specific, tailored frameworks
which enables us to bring our MOL
environment to the next level, making
sure that we protect and cover the
important risk areas.
How important is collaboration
in cybersecurity?
I think everybody has the urge to
collaborate with each other. We are
in a good place and have certain
connections and we should support
each other.
Even if people might think somebody
is losing some competitive advantage
because of sharing information, if you do
it in a proper collaborative way you will
only see the benefit. u
53