I had the pleasure of speaking as part of a great panel at the HMG Chief Information Security Officer (CISO) Executive Leadership Summit in San Francisco CA last week. A tremendous event which brings together a community of CISO’s to talk, share, network, and give insights to their successes and warnings about well-learned lessons from their past experiences. HMG, led by Hunter Muller, is renowned for their CIO Summits and community platform for senior information officers to share ideas and build their personal reputations. Hunter is expanding their successful platform to service one of the fastest growing management areas, the cybersecurity executive.
The gathering in San Francisco was the inaugural HMG CISO leadership summit and comprised of several panels and audience discussion, intermixed with ample breaks to socialize and get to know colleagues. The panel I participated on, which started off the day’s interactive sessions, discussed the new and dynamic mindset a CISO must employ to lead with courage and drive innovation to secure the enterprise.
Mike Kail, Chief Innovation Officer at Cybric moderated the panel which included: Gerald Beuchelt CSO Demandware, Curtis Coleman VP and CISO, Seagate Technology, Israel Martinez Chairman Global Manufacturing ISAO & CEO Axon Global, and myself Matthew Rosenquist Cybersecurity Strategist Intel Corporation. Panel members are pictured above, from left to right: Matthew Rosenquist, Mike Kail, Hunter Muller, Curtis Coleman, Gerald Beuchelt, and Israel Martinez.
I cannot remember being on such an insightful and experienced panel. These professionals brought a great depth of knowledge to an audience of their peers.
Leaders who build their skills on a strong foundation of courage have a significant advantage for successfully driving innovation to create value to their organization. Today’s CISO must be prepared to embrace strategic innovation while simplifying IT and bringing legacy operations and applications into the future. To accomplish this, the CISO must be strategically aligned with the CEO and the board, while aligning security strategies with corporate goals to stay competitive.
One of the most memorable questions, focused on the mistakes CISOs make. How to recognize, learn, and adapt is key to success.
Every security professional is bombarded by constant issues, areas to fortify, and people to train. Managing risks are a daily activity, but constantly being in ‘firefighting’ mode can detract from important aspects. Focusing on the immediate problems for a CISO is important, but not at the cost of also addressing the long-term strategic positioning for success.
CISO leadership must also establish a healthy organization which is ‘sustainable’ in aligning to long-term emerging risks and organizational goals. The attacks and vulnerabilities of today will give way to progressively more punishing incidents, which draws ever more resources in a rigid model. Many security organizations are increasing their spending by double-digits each year. Such growth is simply not sustainable from a business perspective. At some point, cyber defenses will lose in a prolonged war of attrition.
We manage security through Leadership and Preparation, otherwise we face Crisis and Desperation”
Adaptability and foresight are therefore crucial. More security is not always better. We must act smarter in ways that will not require year-over-year skyrocketing budgets, impede the growth of business, or undermine the experiences with customers. Security is a balance. The goal is to achieve an optimal level which manages risk-of-loss to a level which is acceptable based upon costs and usability impacts. Organizations must be carefully crafted, with built-in flexibility and resiliency, to make this a sustainable reality over the long-run. This is the single greatest challenge of any CISO.
More Summits in 2017
HMG is hosting a number of these executive leadership summits across the country. I found it hugely worthwhile to be in a room of professionals also striving to achieve the optimal balance of security. Sharing our knowledge and experiences makes the entire community stronger.
- 2017 New York CISO Executive Leadership SummitApril 28, 2017
- 2017 Chicago CISO Executive Leadership SummitMay 23, 2017
- 2017 Atlanta CISO Executive Leadership SummitAugust 17, 2017
- 2017 Washington, D.C. CISO Executive Leadership SummitSeptember 21, 2017
- 2017 Dallas CISO Executive Leadership SummitOctober 06, 2017