COVER STORY
Zalando offers excellent personal development training, resources and budget support for training on specific cyberskills and certifications

and facilitates an apprentice programme where we can teach basic security topics and functions to people as part of their curriculum, with an option to hire at the end of the programme.

How do you predict the cybersecurity industry will evolve over the next five years?

It’s quite hard to predict – I think you have to look at it differently now as our ways of working have suddenly changed. It was already heading this way, with many companies offering work-from-home options, but now we’ve fast-forwarded at least five years. This way of working shift makes Zero Trust environments and identity governance very important as you control how you manage access to and by whom data is processed to be able to meet ethical data use and GDPR requirements. Whether we are ready or not, we have lost the protected confines of the corporate network; data can go to any device, anywhere, at any time. These create difficult operational challenges that will need to be solved and auditors will require evidence that you have this securely covered and will become an integral part of your strategy and overall posture. Zalando is addressing this with increased investment into Identity and Access Management, technical asset and device management, additional logging and more efficient vulnerability management.

What advice would you offer other CISOs when it comes to bolstering cyberdefences?

A strategy should be principle-based – you have to have something in mind like ‘we are going to protect our customer data at all costs’. Then, 1) build policies based on any sound security framework (there are many), 2) build core controls as strong as required for your regulatory and risk appetite, and 3) build towards meeting those controls relentlessly. If you know what you are trying to solve and your measurement of success, you can solve the problem.

As an industry, we must move away from ad hoc reactive security to more control and process-based, measurable and proactive security implementations.

Moving forward, where do you look to invest as a company?

There’s been a big push to automate some things that we do manually. Even though we’re 12 years old, we’re a very young company and we are investing and working hard to add new automation and more robust processes. We’re conducting POCs AI-focused anomaly detection, digital footprint scanning, third-party risk assessment automation and additional support to enable security and privacy early in the development cycle. With all of these, automation is key and we will continue down this path.
www.intelligentciso.com | Issue 28