The IT landscape continues to change, between the growth of the Internet of Things and the increasing frequency and complexity of cyber-threats. Technology is evolving more rapidly than before and we now have vast amounts of data at our disposal. Cybersecurity has previously been seen as an IT issue, but recently it has transformed to become a central business concern, with C-suite roles shifting to align with the change in priorities. Every organization, regardless of industry, needs to consider security a priority if we are to maintain the pace and embrace new technologies. Further, to mitigate risk, CIOs, CISOs and other leaders from the C-suite to the board level need to collaborate within organizations, across industries and throughout government.
With the rise of DevOps and explosion in mobility, the IT world is changing swiftly, often resulting in security becoming an afterthought when it should instead be a central concern. It is essential for CISOs and CIOs to continually advance their knowledge to stay ahead of the game. Learning is a lifelong undertaking for me personally, as it should be for all information security professionals. I am constantly attending tradeshows, meeting with industry experts and discussing hot button issues with my teams, peers and customers, allowing me to keep up to speed with the latest trends, threats and industry developments.
Currently at Venafi, I serve dual roles as CIO and CISO. I have over 30 years of experience, serving in a range of security and IT roles. I have seen IT from most sides; from managing helpdesks, to providing desktop support, to overseeing identity management, production control and capacity planning. This, amalgamated with the last 20 years focused principally in the area of security/compliance, meant it was natural that I should take on the combined role of both CIO and CISO.
Previously, security was not necessarily within the domain of the CIO; in fact, the CIO’s concern was the management of IT infrastructure. This role is now vastly different to how it once looked. In 2016, CIOs have a much greater impact on public perception and to excel at their job individuals are required to be innovative, business-oriented leaders. The challenges confronted by today’s CIO are numerous and the role is continually evolving. In fact, in CIO Magazine’s 2016 State of the CIO report, 88% noted the increasing challenge in their role, while 71% claimed it is difficult to balance innovation and operational efficiency and security. I have experienced that struggle first hand in my current role.
Uniquely, with the responsibilities of both CIO and CISO in my remit, my roles tend to overlap and intermingle. Over the years, cybersecurity has shifted into a C-suite conversation. In my current position, I help CIOs and CISOs fortify their strategies to defend against increasingly damaging and complex cyber-attacks on the trust established by digital certificates and cryptographic keys. I have the dual concern of protecting not only Venafi, but also our staff and clients – a role which I take extremely seriously. Though sometimes challenging (what job isn’t?) I find my role tremendously rewarding. If I could offer some advice to a CIO/CISO aiming to prosper within the cybersecurity industry, I would say:
• Lifelong Learning: Our industry changes incredibly rapidly, so continuous learning and education is a must – especially as the threat landscape continually evolves
• Collaboration: Use your team and your peers to help stay ahead of the newest threats and overcome challenges together. Also make sure that you are surrounded with people smarter than you!
• Communicate, Communicate, Communicate: Networking is critical in our industry. We must work together. Talk to everyone to develop new connections, brainstorm solutions and consider alternative perspectives
• Learn from Success and Failure: In 2016, 100% security is unachievable, but every security breach, vulnerability or cyber-threat presents an opportunity to learn a new lesson. Some things I have done well and others not so well, but I have made sure to learn lessons from both
Since working my way up from the very bottom of the tech ladder, I have had a front row seat to the evolution of the industry, witnessing the development of roles in the past few years. C-suite roles particularly have undergone considerable adjustment in order to facilitate greater collaboration, and now giving a particular focus to cybersecurity. Our current threat landscape requires a collaborative approach to exchanging information and mitigating risk. I am lucky enough to work with a fantastic team of incredibly talented individuals, and when I face issues and want an alternative viewpoint, I regularly use them as a sounding board. If you can’t collaborate with your colleagues, how can you expect your company to succeed? Further, how can we envisage ever beating the bad guys if we don’t fight cyber-threats together?