Cybersecurity Trends and the CISO: Is There a Bright Side?

It’s difficult to imagine a worse situation in cybersecurity than what occurred with the SolarWinds breach and, more recently, the Colonial Pipeline attack. When high-impact cyber events such as these take place, it’s easy to get discouraged.

As a CISO, I get it. There is good news, though.

There is a movement of accelerated, broad change in the cybersecurity industry stemming from these painful events. Both public and private companies are turning toward building resilient, more proactive security practices. In addition, President Biden’s May 12 Executive Order prioritizes modernizing cybersecurity defenses and improving information sharing between the US government and the private sector on cyber issues.

Building strength in cybersecurity instead of bolting it on later isn’t a novel idea among us cybersecurity professionals. So is this too little too late? I don’t think so. In fact, now is the perfect time to evaluate the positive role that the CISO and your security team play in ensuring the health and resilience of your organization.

Understanding the “Why” That Drives Us

My own purpose statement, which is “deeply rooted in human well-being and safety,” reflects what I believe keeps all security practitioners showing up each day with their own sense of purpose, prepared to do their best in protecting the organization.

We are proud to serve our company and carry out our mission. I have never met a security practitioner who said, “I’m going to try to do as little as possible today to protect the company.” We are enablers who relish creating a safe environment and cultivating a secure mindset that builds security into every aspect of the business. And we aim to inspire those around us to do the right thing.

Our motivation is primarily based on intrinsic factors. We find our work meaningful. Yes, it is difficult work, and the hours are as unpredictable as the next incident, but we thrive on contributing to the greater good of the organization.

When I interview candidates for open positions on my team, I’m seeking the candidate who can express the desire to protect the privacy and security of the company, client, and personnel data — someone who understands that there’s a human being’s life (e.g., medical record) or livelihood (e.g., financial) that is our purpose to protect.

Empowering the CISO for Positive Change

With all of the “unicorn” job descriptions for CISOs, one would think that the promise of sunshine and rainbows is a real thing. The unfortunate reality, however, is that organizational support for our initiatives is often lacking.

On the bright side, there is enormous opportunity for both organizations and CISOs to set expectations for the role of cybersecurity and, more importantly, the support it needs:

  • Accountability at the Organizational Level. When each area of the organization has a sense of ownership to uphold security across the enterprise, it will permeate how each employee does his or her work. Every member of the organization should have a better understanding of how their individual role and cybersecurity intersect. The security team helps enable that education of the organization.

  • Endorsement of Security in Corporate Strategy and Goals. This starts from the top and will foster a culture of security becoming a first-class requirement in every initiative.

  • Empowerment of the CISO Role. To effectively manage cyber risk across the organization and drive decisions accordingly, the CISO should be considered a contributing member of the executive team in the same way as other C-level colleagues.

While a strong technical acumen is key, successful CISOs will hone their communication skills to engage in discussions with line-of-business leaders and the Board to truly understand how the company operates and learn what is important to them. Having this knowledge contributes to creating the security strategy and roadmap for minimizing risk and building cyber resilience into ongoing security practices.

Building a Strong Security Team

The security team’s role in protecting the organization’s identifiable health, financial, and business-confidential information cannot be overstated. It takes a strong leader (CISO) who is empowered by the C-suite and unencumbered by political influence to effectively balance the threats, vulnerabilities, and risk to make the best recommendations for the organization.

The security team must bring its A game every day. Leaders should cultivate a security team based on integrity and trust; lead by example by establishing a mission, vision, and core values for the security team; and communicate these in multiple ways throughout the organization.

Modern security teams establish partnerships across the organization, which help ensure success across the enterprise and foster security as a value-add to the bottom line. Examples of this include creating a secure software development lifecycle practice (e.g., Application Security) with engineering teams and engaging with legal and procurement teams to ensure that contractual compliance measures encompass protecting the security and privacy of the organization.

Yes, There Is a Bright Side

Now more than ever, it’s important for business leaders, including CISOs and other security leaders, to embrace the opportunities that will build a strong, resilient organization. I’ve joined IntSights to do just that, as well as to serve as a trusted advisor to our customers.

At IntSights, I will help empower your organization to leverage both tactical and strategic threat intelligence by:

  • Forming deep, authentic, and meaningful relationships with your security team as well as the IntSights team

  • Learning about your unique business proposition, values, and risks

  • Understanding your needs and security strategy

  • Partnering with your team to create a vision of risk reduction and inspiring them toward proactive defense capabilities that are based on strategic and tactical intelligence

  • Staying abreast of the cyber threat landscape and learning from IntSights Cyber Threat Intelligence engineers

  • Collaborating with you on matters of cyber defense and security practices in general

  • Articulating the voice of the customer and serving as the bridge between your security team and IntSights

In closing, I’ll leave you with these words on the power of positivity (source unknown): “Staying positive doesn’t mean you have to be happy all the time. It means that even on hard days, you know that there are better ones coming.”
