Speaking on the changing internal role of the CISO and the security department at the Cloudsec conference in London, Leah MacMillan, SVP global marketing at Trend Micro, asked the panel whether the role of the CISO was changing.
Carmina Lees, financial services managing director, Middle East & Africa at Accenture, referred to an instance where devices were compromised by a 15-year-old attacker and the CISO was called in at the weekend to deal with it “and you could hear the sheer panic and stress in her voice on how big it was.”
Martin Borrett, IBM distinguished engineer and CTO of IBM Security Europe, said that, as 2017 was “a major year for malware,” he had to spend several weekends working on client sites to help them recover from instances, “and we learned a lot about patching and architectures.”
Looking at the changing role of the CISO, Lees said that CISOs are often tasked with being multi-skilled to be able to keep up with threats and present internally to the board, while Borrett said that “some are figureheads and public symbols, some are fall guys and [some in the] space between.”
Moving on to the subject of the skills shortage, which a poll determined was “the biggest blocker to cybersecurity success this year,” Jane Frankland, CISO advisor, speaker and author, said that there was a need to “do a better job of explaining what cybersecurity is to kids, and go into organizations and understand the transfer of skills” from school to business, and create more ambassadors and evangelists to attract talent.
Asked by MacMillan what the key trends are in new technology, journalist Gary Miliefsky praised innovation for slowing down breaches. He said he did not like the concept of “hacking back,” but that the ability to document and record attackers for forensic purposes was positive.
The panel were united on the people aspect. Frankland said she would like to see a focus on people being able to do a better job and outlines of what is required of them to be a competent professional in the industry, and she called for a charter so professionals “can be held accountable.
“I want to see more focus on the people aspect, and equipping them with the tools needed: be they tech or soft skills, as they need a combination of both.”
Concluding on what the role of the CISO will look like in five years, Miliefsky explained that the future CISO will not be “someone in a security silo” but will be integrated with HR, IT and compliance, and integrated with the organization.