What are the biggest challenges that a CISO faces today?
The role of Chief Information Security Officer or CISO has been around for 25 years, pioneered Steve Katz 1995, but only seems to have gained traction more broadly over the past 5 - 7 years.
The role has now firmly established itself as an integral part of the corporate hierarchy as enterprises have begun to take security concerns more seriously. Which is understandable as according to the IBM Security Cost of Data Breach Report; the Average cost of a data breach in 2020 was a staggering $3.86 Million.
Some of the key challenges faced by CISO’s and those responsible for a company’s security capability include, but are of course not limited to;
Hackers and Adversarial AI
Very likely near the top spot. Coming from multiple vectors, times and styles. The ol’ game of cat and mouse.
There is a lot a CISO can do to mitigate risk and reduce the possibility of data breaches and system compromise. But that all gets thrown out of the window when an employee unknowingly falls for a phishing scam, clicks on ransomware, introduces Shadow IT etc
Tick box security
Probably the most challenging of all. When a company hires someone to focus on its security capability but isn’t really invested in it, but need to be seen to do something.
In reality in many cases this is down to the board, owners etc not understanding the importance and or impact of security.
Does the CISO join for the challenge and try to manage upwards, educate and make a difference? Or bang your head against the wall and leave like others have in the past.
Lack of Developed Security Professionals
When faced with threats from multiple vectors, a well-developed cybersecurity team poses the most reliable defence to hackers. But Identifying, sourcing, building and retaining that crack commando unit is no easy feat. There is a chronic skills shortage of the very best cyber talent in the industry. The top 25- 30% of talent in the industry have their head down and are well looked after. Combine that with the fact that the traditional methods that most internal talent teams and external recruiters use do not consistently attract this talent in a buoyant market, yet alone in the strange times we find our self in #2020, and it is no surprise that companies struggle and often fail to attract the very best talent .
Since the beginning of the IT services profession, budget allocation, constraints and reductions have always been a challenge. Allocating a budget into something where there is no obvious return can be a hard pill for a board to swallow. But in the case of security- no news is very much good news. Unless of course you have been breached and don’t know it.
Thoughts from an expert:
Robert Rodger, CISO at Butterfield Group.
Security is a team sport.
Often security teams fail as they try to own everything, the we can do it best mentality it creates animosity, is costly, does not scale and will fail. Security is a team game where everyone in an organisation needs to play their part. Enable teams to do their job securely, as a example; provide developers with the tools, knowledge and support to deliver security code and test it themselves. Do the same with the front-line business team, infrastructure folks. Do that and you have delivered one method of scaling security and making it culturally embedded not just a bolt on process.
Alex Radford, CISO at Global Processing Services Ltd
It sounds cheesy, but security really is everyone’s responsibility. It would be great if common sense was common but unfortunately it isn’t. One of the aims today, is to make security as simple as possible for the users to comply with, which means focusing on the core pieces of security such as good access control processes and simplifying the requirements on the users. Mistakes will still happen, and they are an opportunity to learn, but when they do happen having the correct controls to ensure impact is small is helpful for the business.
Good security is not just how many compliance standards have you passed, it needs to be pervasive and ongoing. Achieving standards is a demonstration that the right things are being done, but being secure is more than just the minimum to meet a standard.
Elliot Rose, Member of PA's Management Group
In the current challenging COVID19 conditions we are seeing an increase in attacks as organisations around the world have been forced to divert resources and adopt more porous operating modes. Organisations and employees are working out of habit and employee’s defences can be down, as they adjust to the new ways of working and are having to make significant personal adjustments to daily life in order to operate safely. Increasingly organisations are experiencing a greater number of attempts to ‘socially engineer’ an attack in order to elicit sensitive information. CISOs are under pressure to provide employees with secure collaboration tools and messaging facilities. Communication is also key and business leaders (not just the CISO) need to ensure that employees are fully aware of the increase security risks.
We are also seeing secure remote as a business enabler, driving greater take up of digitisation and reducing costly office overheads. Many organisations are already looking ahead and planning how they can make the most of their investment in secure remote working to grow their business further. That means CISOs need to properly understand the changes in the business that are planned, identifying where cyber security can underpin the changes in a way that is supportive to the business.
David King, RISO at OmnicomMediaGroup
“The Boy that cried Wolf”
We are (or perhaps ‘were’) often accused of being that boy… the one that cried wolf… and we all know how that ended! There is often a disconnect between what we, as security professional, say and what our customers, clients or users expect or hear. In the same way, we are often accused of scare mongering. The GDPR was an example of that “If you don’t do as we say you’ll end up with a massive fine”. We need to get better at telling impactful stories. Why we want the company to part with cash, why people need to do their training, why we need to install more agents on the machines and why we need to monitor the network. Telling the right kinds of stories helps people understand and appreciate what we are doing and why. It’s another way of building trust, and trust is key when you’re trying to develop a culture of security.
- CONTRACT SOC Manager. London / Birmingham. URGENT Immediate role.
REF7847 Contract SOC Manager. SC cleared, London / Birmingham. Initial 3 month Contract. SOC Manager needed to for an URGENT 3-4 month CONTRACT. SC clearance is essential. The project is to aid in the setup, implementation and management of resources to help with the initial stand up stages of a new SOC within a greenfield site. This is a short term contract role whilst a permanent hire is brought on over the coming 3 to 4 months. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
- SPLUNK Level 3 SOC Consultant, SIEM Splunk, London / Birmingham
REF CH7825 Level 3 SOC Consultant, SIEM Splunk, London / Birmingham £55,000 + Level 3 SOC Consultant, SIEM SPLUNK needed. Security Clearance. Permanent role Level 3 SOC Consultant, SIEM SPLUNK needed to join a public sector client. The ability to achieve SC clearance is essential. MUST have experience working with SPLUNK ideally to an Advanced Power User level. Splunk Enterprise Security (ES) knowledge and hands on experience highly desirable. The role will include, but not be limited to; managing and handling incidents end to end, supporting and mentoring level 1 / level 2 staff, supporting the SOC manager in the delivery of the SOC roadmap, engaging with the client stakeholders (other technical teams) as and where needed, use case development, advanced search and reporting etc. The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt use this calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Chris.Holt@dclsearch.com
- Aspiring Cyber Partner. Business lead, market maker.
Aspiring Cyber Partner (management consultancy) with Cyber specialism into Healthcare, Utilities and or Public Sector. Working with new and existing clients to help them solve, transform or evolve their cyber capabilities. MUST have; A proven management consultancy background in cyber. A history of identifying and closing new business opportunities. Currently Revenue generating / must be able to demonstrate recent wins. Client facing to board level with international businesses. Team leadership / mentoring experience. Extensive cyber industry experience. Digital transformation, Start-up environments etc. Experienced presenter at industry events, to be the public face of a business / capability. Breadth of knowledge across Cyber security. Service definition / creation. Would consider a senior director with experience delivering the above looking to step up. All conversations kept in confidence. To arrange a discreet call book a time to speak in my diary via https://calendly.com/chris-holt/cyber-partner-call Chris.Holt@dclsearch.com
- Internal Security Auditor, Level 1 Service Provider (ISO27001)
- Upto 65,000 plus benefits
Internal Security Auditor ISO 27001, PCI, needed to join a Cyber team within this expanding Fintech business. The Internal Security Auditor will have end to end responsibility for planning, delivering, remediating any findings etc. Experience working within financial services is highly desirable. This Is a great time to join a newly formed and growing Cyber team within a rapidly expanding fintech, that is taking a major share of its market. We are looking for someone with experience, (but not to be limited to) a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling etc. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection.