Jason Lau, CISO at Crypto.com, was recently appointed to the ISACA Board of Directors for 2023-2024. Infosecurity spoke with Lau about what this new appointment means to him as well as his role as CISO at one of the largest players in the cryptocurrency market today.
Infosecurity Magazine: You joined Crypto.com as CISO in 2018; what has been the most surprising part of your CISO journey to date?
Jason Lau: The most surprising part of my journey has been the rapid evolution of threats in the cryptocurrency industry; the sector has become a high-value target for cyber-criminals because of the potential monetary gain. The dynamic nature of the threat landscape in cryptocurrency requires constant vigilance, industry partnerships for threat intelligence and the ability to adapt to new threats. Yet, with all these challenges, our cybersecurity team’s resilience, dedication and passion have created a security-first culture in the company, which in turn allows us to better protect and safeguard our assets and customers, building trust with our more than 80 million users globally.
IM: What inspired you to join ISACA and become a member of the board of directors?
JL: I have been an active ISACA member for years. I hold the majority of ISACA’s certifications, which have been paramount in my journey as a cyber professional, allowing me to learn and validate my knowledge and experience through credentials.
ISACA's global commitment to advancing IT governance, risk management and overall digital trust, as well as its steadfast dedication to promoting professional growth, strongly resonated with me. The pace at which our field evolves necessitates continuous evolution of knowledge resources for our members, and the appointment to ISACA’s global Board of Directors serves as an invaluable opportunity and avenue for me to serve the ISACA community.
IM: What are you most looking forward to within the new role at ISACA?
JL: I am eager for the opportunity to share my experiences and insights gathered from navigating the landscape of emerging technologies. I will be able to strategically contribute at the highest level and ask questions to better understand organizational challenges faced in such a dynamic industry.
The rapid advancements in areas such as AI, blockchain, fintech and digital transformation have brought about a paradigm shift in the way we perceive and respond to new emerging risks, threats and challenges. Being on the ISACA board allows me to harness these experiences and contribute to the development of innovative strategies, solutions and content for our members.
IM: You're also a member of the Innovation and Technology Committee; what are the topics being discussed in that area that you're most excited about?
JL: I'm intrigued by the broader theme of emerging technologies and their influence across various industries. The dynamic nature of the digital transformation sweeping across businesses globally implies that organizations must continually innovate and adapt to novel technologies, which is no small task. With every new technological adoption, there come inherent risks that need careful navigation.
It's crucial to understand how these evolving trends can be turned into opportunities while minimizing potential risks. At ISACA, we are focusing on helping our members to not just keep pace with these changes, but to understand and leverage them for strategic advantage. Internally, we are also exploring ways to apply these technological advances to enhance our operations, membership offerings and overall value proposition. The challenge and excitement lie in making the most of these opportunities and guiding our members to do the same in this era of unprecedented digital transformation.
IM: As CISO at Crypto.com, what are your top priorities relating to cybersecurity?
JL: My top priorities include safeguarding our company and users' assets and personal information, ensuring the integrity of our systems and fostering a culture of security awareness. To this end, we invest in state-of-the-art security technologies and maintain rigorous information security procedures. We are committed to transparency through independent third-party audits, reinforcing digital trust with regulators, partners and customers around the world. This helps to support Crypto.com’s overall strategy to expand through security, compliance and regulatory licenses to advance our mission of Cryptocurrency in Every Wallet.
IM: What are your biggest concerns within cybersecurity today?
JL: The pace at which cyber threats are evolving is a significant concern. Criminals are becoming increasingly sophisticated, employing advanced techniques like AI and machine learning to conduct attacks. Coupled with the exponential growth of IoT devices, which widen the attack surface, we're facing a complex cybersecurity landscape. Additionally, the current global shortage of skilled cybersecurity professionals is another major concern, as it challenges our ability to adequately defend against these threats.
IM: What are the biggest successes that you think the cybersecurity industry is experiencing today?
JL: The cybersecurity industry has seen remarkable progress in several key areas. Over the years, through big data and machine learning, the industry has made substantial advancements in developing sophisticated detection and response mechanisms, fundamentally altering how we manage and respond to security incidents. We’ve seen a dramatic increase in threat intelligence sharing. This increased collaboration strengthens our collective capacity to counteract and respond to threats, improving the overall resilience of our digital ecosystems.
Equally noteworthy is the growing awareness and recognition of cybersecurity's importance at the board and executive level at companies. This signifies a considerable shift in mindset, as cybersecurity is now acknowledged as a critical business issue, not merely a technical one. This paradigm shift has had a profound impact, ensuring strategic decision-making and resource allocation are in alignment with cybersecurity best practices, enhancing the overall security posture of organizations.
IM: If you could give one piece of advice to fellow CISOs, what would it be?
JL: My advice to fellow CISOs is three-fold. First, be mindful of CISO burnout. Given the high-stakes and high-pressure nature of our work, burnout is a very real risk not just for us, but also for our teams. It's crucial to strike a balance between maintaining vigilance and fostering a sustainable working environment. This means encouraging regular breaks, promoting work-life balance and implementing supportive mental health resources. When the leader is well, the positive ripple effects on the team are significant.
Second, many of the CISOs I know are very humble, and it’s important to understand that though we all come from different backgrounds, we should foster open communications and share experiences, as all our journeys to becoming a CISO have many ups and downs. The experience of these journeys provides great insights for fellow CISOs.
Finally, I advocate fostering a culture of growth through knowledge and learning. In our ever-evolving field, continuous learning is not an option but a necessity. Encourage your team members, especially the younger generation, to gain further qualifications and broaden their knowledge. For example, ISACA’s certifications, such as CISM, CISA and CRISC, are excellent avenues for growth, enhancing both the individual's and the team's capabilities. By fostering a culture that values wellness and ongoing development, you can enhance your organization's resilience and adaptability in the face of emerging cyber threats.