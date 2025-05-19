Digital transformation projects and growing availability of technologies like AI and cloud services are improving business operations. However, they also create significant security headaches for CISOs – expanding the attack surface in way that is often difficult to track and manage. Google Cloud established its Office of the CISO to help security leaders counteract this issue, providing specialist advice and support on implementing strong cybersecurity across an expanding digital estate. During the Google Cloud Next 2025 event in April, Infosecurity spoke to Senior Director and Head of the Office of the CISO, Nick Godfrey, about some of the biggest challenges facing security teams today. Godfrey explained why the cloud offers a chance for organizations to become more secure, overcoming alert fatigue in security operations centers and how AI is impacting the industry today.

Infosecurity Magazine: Could you tell us about the set up and work of Google’s Office of the CISO? Nick Godfrey: Five years ago I was hired as one of a number of people to help Google Cloud have CISO to CISO type conversations around the adoption of cloud. Then around four years ago, Phil Venables, CISO of Google Cloud, asked me to build a broader bench called the Office of the CISO. This is a team of people that have experience of being a CISO or another senior security role. We have specialists in various sectors, including from financial services like myself, healthcare, life sciences and pharma and the public sector. The rationale for that cross-sector expertise is that in addition to strong cybersecurity knowledge and understanding of digital transformations and cloud adoptions, in most of these industries we have a working knowledge of the specific regulations and the standard approaches to large-scale technologies. At the Office of the CISO, we focus on the adoption of Google Cloud and helping security teams change the way they think about security to be cloud native. As part of that, we explicitly focus on security transformation because we feel strongly that as part of the cloud you can move yourself to a far better security posture. Cloud is not a risk or a problem to solve, it’s an opportunity to rethink how you do security. There are certain inherent properties of cloud that make it possible to be more secure as long as you take the right steps and transform your organization and reskill your teams. If you do that you are more likely to get better security outcomes than you are with traditional technologies. IM: What feedback have you received from customers of the Office of the CISO, and how have you adapted your approaches as a result? NG: The biggest purpose for our existence is capturing feedback and using it. We have relationships with a very large number of CISOs from the world’s largest companies, so that’s an amazing signal to tune into to understand what’s causing their pain and challenge how we can help with that through our products and solutions. As an example, a lot of CISOs historically have struggled with how to think about the security operations center (SOC) and what technology to use underneath that, what processes to use. Having been in that seat myself it is a difficult space because we have security products sprawled all over the place and there’s a high human toil associated with all that work. It’s also expensive because we’re continuously buying more security products, and it’s very hard for the SOC and CISO to have a good end-to-end understanding of what actually is going on. Read now: Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity Taking all that feedback and working with the Google product teams, you start seeing things come along like Google SecOps. It removed the challenge of managing large amounts of data because it’s a cloud-based SaaS solution. There are a number of good things about the original concept of Google SecOps, but where we’re focused now is how we take those capabilities to the next level, leaning into this problem that CISOs have of millions of alerts, inconsistent visibility across siloed security tools and a heavy demand on employees. We look at that in the round and have announced some things within the Google SecOps platform that are going to help. We call our vision Google Unified Security, which is a set of AI-powered capabilities that aim to reduce the complexity to give the CISO and the SOC visibility end-to-end with everything that is going on. IM: What are the main challenges for CISOs in cloud environments? NG: As I mentioned earlier, cloud comes with a number of inherent properties which lends itself to being more secure. As an example, you can deploy and manage your cloud environments using cloud operations and platform enablement (COPE) – it’s a great big software environment. If you do it well, you can build security into that code and logic that are managing your cloud environments.

