Intelligent CISO Issue 67 | Page 72

GO PHISH

myself lucky that my career decisions have brought me to my current opportunity.
What do you currently identify as the major areas of investment in your industry?
There are two areas of investment that I would prioritise. The first is in cybersecurity basics – as attackers get more and more sophisticated, the best defence is getting the basics right including an aggressive patch management program, network segmentation, accurate asset inventory and least privileged access. Getting these things right goes a long way in protecting your organisation. The second area is investing in cyber controls that minimise the impact if breached. Preventing the breach will continue to be an arms race but if, in addition, we invest in minimising the impact, we reduce the incentives for the attacker and the risk to the organisation.

What are the region-specific challenges when implementing new technologies in APAC?
Although not isolated to this region, a very real challenge is implementing and managing new technology securely. There’s a need for IT and InfoSec organisations to not just work closely together but to have shared objectives that focus on cyber-resilience – which can only be achieved with close collaboration.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
The biggest change I’ve seen is in the responsibilities of the role(s) itself. Traditionally the CISO role has been focused on auditing the organisation’s security posture and getting the IT functions to comply with security policies and standards and the CIO role has been focused on the delivery of IT services to the business. This often creates conflict between these two roles trying to balance security and service. I’m seeing a shift that will gain momentum in the next 12 months where the line between these two roles disappears and the shared objective will be delivering outcomes securely in alignment with the business objectives of the organisation.
What advice would you offer somebody aspiring to obtain a C-level position in your industry?
Have a strong, informed point of view that drives direction and alignment but don’t be afraid to evolve that point of view as new information presents itself or situations change. To be successful in a C-level position you need to have the strength of your convictions and the humility to evolve that position as situations change – and they always do.