GO phish
Another hot issue is AI . AI is being leveraged on both sides , by the attackers to facilitate offensive operations , and by the defenders to improve the efficiency and timeliness of defence . For example , at BlueVoyant we are particularly focused on leveraging AI for our clients to help automate manual tasks and improve risk-reduction outcomes . Cybersecurity can involve many routine tasks that can make it harder to quickly respond to the most pressing threats . By having AI automate some of these tasks , it frees up analysts to find and focus on more immediate issues .
How do you deal with stress and unwind outside the office ?
I enjoy spending time outdoors and trail running . It ’ s a good way to disconnect completely .
If you could go back and change one career decision , what would it be ?
The one thing I would change is I would have spent time working in the public sector earlier in my career . Working in the public sector is a fantastic way to gain experience solving difficult problems and working with smart , passionate people who are mission-driven .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
BlueVoyant recently surveyed more than 2,000 C-level executives on third-party cyber-risk and 86 % said their budget for this increased . In the UK , that number is even higher with 92 % saying their budget for third-party cyber-risk increased . As third-partyrelated breaches make headlines , organisations are seeing that this is a very real risk and are working on putting together programs to manage the risk .
The other area of investment I am seeing is platformisation . Organisations have tried adding on many vendors to handle many different risks , but it has become unwieldy to manage all those tools . Instead , they are seeking convergence of managing risks through a single pane of glass . For example , they may want to manage multiple third-party risks , such as cyber and other supply disruptions , or internal and external cybersecurity risks in one platform .
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions ?
Regions and industry sectors have different regulatory requirements that drive some of the practices employed , but also there are various levels of maturity by region and sector . For example , according to BlueVoyant ’ s recent survey , 95 % of UK organisations say they experienced a negative impact from cybersecurity incidents in their supply chain , which is significantly higher than the 81 % of global respondents who indicated the same .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
We ’ ve seen a large uptick in interest in our thirdparty risk reduction solutions for enterprise and government clients on a global basis . For my role that means helping larger organisations solve risk problems at an increased scale . In addition , when it comes to third-party cyber-risk , we ’ ve seen a marked shift from awareness of these risks to actively managing the risk . Organisations now understand that third parties can cause business interruption and data loss . Now , they are trying to put in place successful programs to monitor and mitigate risks from customers , vendors and suppliers .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
For someone aspiring for a C-level role in cybersecurity , I would advise having two knowledge bases . There is a premium on being technical and having depth in the various security domains , but don ’ t forget to spend time on the softer skills as well . As much as you need the technical language to speak to analysts and developers , you also need business and communications skills , such as being able to present to a board and being able to define and articulate your organisation ’ s cybersecurity strategy and relevance to non-technical stakeholders .
68 WWW . INTELLIGENTCISO . COM