Tom Gamali , Group CISO for a leading Middle East organisation operating across seven core business sectors , speaks to Intelligent CISO about the organisation ’ s groundbreaking partnership with Vectra AI and how this has enabled increased network visibility . He also outlines the company ’ s strategic priorities when operating with security top of mind .

The landscape has changed . Back in the day infrastructure was in a server room so was easier to guard as the international regulations around cybersecurity and data privacy weren ’ t there .

The supply chain has also changed , so there ’ s a lot of moving parts . Now , everyone wants to be digital . We ’ ve seen what happened during COVID and how organisations were resilient during this period , requiring heavy emphasis on digital enablement . So we ’ re currently seeing these vectors changing or becoming more prominent , which transforms the entire landscape in terms of cybersecurity .

There are a lot of external factors involved , regulation being one . We ’ re also looking at services coming into the supply chain and the dependency on the supply chain . Companies with technology dependencies also form part of the supply chain so it ’ s a much harder environment to guard against cyberattacks – in some cases we have no direct control over their environments . It ’ s also becoming a more regulated environment where we ’ re now seeing almost every country jurisdiction that we operate in with its own cyber regulations , its own privacy laws .

What are your strategic priorities when it comes to your business approach in terms of operating with security top of mind ?

Business engagement is important . I think the modern CISO is someone who is considered a business enabler – someone who can sit around the table with the business , understand what they ’ re trying to do and be part of the solution in terms of delivering that with the resilience and controls in place which allow the business to operate . There ’ s a relationship that ’ s needed with the business . It ’ s not an IT-centric function .

In terms of cyber prevention , the world has changed slightly . When we consider this from a cyber prevent , detect and respond perspective , we focus on the following : endpoints ; network ; cloud ; and people . I look at those four pillars and that determines my approach . It ’ s a more holistic approach and I think if you focus well on those four pillars , you have the

Tom Gamali , Group CISO best chance of maintaining a good cyber posture within your organisation .

How would you define cybersecurity success and how does Vectra AI play a part ?

‘ Cybersecurity success ’ – that could be referring to a company that hasn ’ t been hacked , hasn ’ t had any cyber incidents or one that has done what it considers to be correct and has positioned the organisation well in order to either defend or detect and respond to a breach .

For me , one of the key areas of focus is post-breach . You want to feel that the company has done everything possible to A ) have potentially prevented it or B ) in the manner that it has detected and www . intelligentciso . com

59