How do you tailor your messaging to both staff and students ?

We try to encourage security champions – people that are local to certain areas who understand the business risks in those areas and what ’ s important and relevant to them . Once you localise something , it becomes real . Threats can feel very unreal and by making it personal , you can help people understand what ’ s required . For example , live demonstrations showing how easily that coffee shop Wi-Fi could actually be disguised criminal activity can be very powerful .

Further to this , we make sure we encourage people to seek help as soon as they notice something is wrong . It ’ s really satisfying that people will contact us , even on behalf of family members , and ask what they should do . It ’ s not just our business , we hope that families and everybody will benefit from the information we can provide to those in our business .

How do you ensure a strong sense of well-being against a backdrop of increased pressure on CISOs ?

I don ’ t think we looked at it in enough detail a few years ago – we ’ ve had burnouts from some CISOs , which is understandable .

We shouldn ’ t be measured by the number of incidents we have in our roles . While I think a good CISO takes accountability for the work they do , I also think part of our job is ensuring we have a good network of individuals and groups around us who can help when things go wrong .

How important is cybersecurity collaboration across the higher education sector ?

In the Higher Education community , CISOs get together and talk with the National Cyber Security Centre ( NCSC ). We understand our threat landscapes in a way that is helpful to each of us so that we can measure our own risks internally . We might share what we ’ re using or doing to mitigate a threat across different organisations .

Additionally , we question how others are talking to their business about certain issues , because we might get little tips that will enable us to move faster or smarter . Having conversations can sometimes produce resolutions . I really value what my colleagues bring to the table and having those discussions .

How can vendors establish long-lasting relationships with CISOs ?

I always want vendors to be partners . I want to be able to have dialogues with them , I want to be able to be honest with them if things aren ’ t working and in return , I want them to be honest with us if there is something not quite right . It needs to be a longevity trust partnership . Vendors not being clear about their journey , what they ’ re trying to achieve , or exactly what the product is for , tends to erode trust .

We need salespeople to acknowledge that I can ’ t buy everything every year – I have a limited budget . However , the reason longlasting relationships are important is because I might then come back to a product . It is often a long game of getting to know a vendor over a period of time .

I always want vendors to be partners . I want to be able to have dialogues with them .

WWW . INTELLIGENTCISO . COM 53