GO phish
application security into DevOps and cloud security processes. More companies are realising that getting all these activities integrated together reduces the chances of vulnerabilities slipping through.
This also feeds into the ‘shift left’ approach that’s been on the software development agenda for some time now. At Checkmarx we’re pushing for a ‘shift everywhere’ ethos that, as with ‘code to cloud,’ takes that even further, with security issues being detected and addressed all the way through the lifecycle. The more integrated different systems and processes are, the easier that is for teams to achieve.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Cybersecurity challenges are pretty homogeneous. Companies have the same issues to tackle around vulnerability management, identity security, and so on. And threat actors are attacking targets around the world.
I’d say compliance is the biggest regional factor as we’re seeing quite different levels of requirements in different areas now.
Europe has a lot going on right now for example with NIS2 coming in for critical sectors and DORA for the finance industry. The US landscape looks quite different but does have the Securities and Exchange Commission as well as Executive Order 14028 recently bringing in stricter rules about disclosing breaches and sharing threat intelligence.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I’ve been doing more remote work and I think that will continue into the next year. It’s one of the benefits of working in a very digital field, and something Checkmarx has embraced for some time.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
I’d say aspiring CISOs need to be aware of how broad the security landscape is, given the complexity of the threats and technological challenges. It includes everything from network security, endpoint security and application security – all of which blends into cloud security.
So, it can be a very different experience for anyone looking to move up from more specialised IT security fields where there’s an emphasis on being an expert in one area. In addition, while boards and senior executives tend to understand the critical nature of endpoint and network security, application security is now just as critical, with code vulnerabilities representing targeted points of entry for threat groups of all kinds.
Therefore, it’s important to understand and gain experience in a wide range of security domains. You need to see the forest as well as the trees. It’s also important to note that different industries, businesses and government agencies have a wide variety of needs, so it’s critical to become exposed to as many as possible.
68 WWW.INTELLIGENTCISO.COM