The education sector is one of the most prone to cyberattacks in the world , heightened in recent years due to the fast-paced , ever-evolving technological field . Sarah Lawson , CISO and Deputy CIO for the University College London ( UCL ), has been at the institution for three years and with 20 years ’ experience in cybersecurity under her belt , she offers her advice for those in education cybersecurity . She covers poignant topics such as the unique cybersecurity challenges faced by the education sector , the talent shortage which is still so prominent and the importance of diversity in the cybersecurity space .

How has your role as a CISO evolved with the coming of Artificial Intelligence ?

The main change is AI has become very ubiquitous for everybody . In the past , we ’ ve had new innovations come into play and we ’ ve been able to legislate , consider and manage the risk of those innovations .

However , the hype around AI has been a lot bigger and a lot faster than it was before . Therefore , our risk management is a lot harder to keep up with . We ’ re almost not ready for it in terms of our business data management and data governance . It ’ s been challenging for most businesses to consider how they manage that – but ultimately it is unavoidable if we want to succeed . AI has meant that as a CISO , my demands on the business to solve issues has become more urgent ; that ’ s the big difference with AI , we ’ re having to act fast .

What are the biggest challenges for CISOs in the education sector ?

The challenge is enabling great innovation and smart research , but at the same time ensuring we remain as safe as possible . We don ’ t have a massive budget for this ; however , we do think carefully about potential risks and how we manage and mitigate those risks . It ’ s a lot of fun trying to work on that challenge and that ’ s the reason I ’ m in higher education .

Why is effective communication useful for every cybersecurity professional ?

Part of being a good CISO is being able to interpret the idea of cybersecurity for your intended audience and make it relevant to them . Only then will they be able to understand how to manage that cybersecurity problem . If you can ’ t communicate and talk in terms of risk or threat ,

WWW . INTELLIGENTCISO . COM 51