Inclusion and accessibility: shaping culture and driving business outcomes

I’m grateful to have had an opportunity to continue to learn and contribute to the important discussion on building the culture of diversity, inclusion and accessibility in cyber security.

I like being on panels like this because it gives me an opportunity to share my views and continue to educate myself not only through research but also through lived experiences.

I believe shaping an inclusive culture begins with creating awareness about the barriers to diversity and inclusion. Accessibility is an important consideration. Testing new systems and processes with people with accessibility needs is key to discovering where issues may exist.

The best way to make security more accessible is to engage with the people who interact with it. Treating usability and accessibility together with the other security requirements, rather than as a separate item, helps ensure they are built in from the start.

Developing effective negotiation skills

Negotiation is a core skill that can make or break your success as a CISO.

While technical expertise is important, it’s equally critical to recognise the value of negotiation skills in cyber security leadership. By developing and applying strong negotiation skills, you’ll be better equipped to lead your organisation in an increasingly complex and challenging cyber security landscape.

I recently completed a negotiations workshop by Filip Hron and highly recommend him as a facilitator and his book ‘Negotiations Evolved’. I particularly appreciate his focus on ethics and value creation.

In this blog, I outline how some of the skills can be applied to the cybersecurity context.


Navigating the ISO 27001:2022 transition

ISO/IEC 27001:2022: summary of key changes

ISO 27001 is a widely adopted international standard that sets out a systematic and adaptable approach to managing information security. It enables organisations to establish a culture of continuous improvement, stay ahead of emerging threats, and ensure business resilience in the face of evolving cybersecurity challenges.

A new version of this standard – ISO 27001:2022 – was published on 24 October 2022. I recently led the transition to this version and wanted to share my key takeaways.


How to maximise the return on security investment

Not every conversation a CISO has with the Board should be about asking for a budget increase or an FTE uplift. On the contrary, with the squeeze on security budgets, it can be an opportunity to demonstrate how you do more with less.

To demonstrate business value and achieve the desired impact, a CISO’s cyber security strategy should go beyond cyber capability uplift and risk reduction to also improve cost performance.

Security leaders don’t have unlimited resources. Significant security transformation can, however, be achieved by leveraging existing investment and current security resource levels.


Economic analysis of high-tech industries

What supply and demand factors are influencing the current industry equilibrium? What types of economies are most relevant for firms in the industry? Will firms with large shares earn above-normal profits? Are the positions of incumbents “contestable”? Are these industries global or local? Does a firm’s success in one industry yield competitive advantages in others? Do the valuations of individual companies operating in these industries make sense? How will major technological changes, e.g., 5G and AI, affect the industry and individual firms? What regulatory and legal issues are most relevant?

These and many other questions were discussed during my semester exchange at the Yale School of Management as part of my Executive MBA program.


Applying MBA concepts to cyber security

Source: adapted from Grewal et al. (2021)

Following up on my recent update on starting an Executive MBA, I wanted to share that I’ve reached a milestone in my learning journey; I’m halfway through, with six modules completed.

I already wrote about Data Analytics and Decision Making, and in this blog I’ll briefly summarise a few other courses I’ve completed and how some of the learnings can be applied to cyber security leadership.


Responsible business practice in Technology

To remain competitive, modern technology businesses should take steps to implement responsible business practices that customers, employees and partners expect.

Customers want to purchase products that protect the environment and improve local communities. A useful tool to pursue inclusive growth is a sustainability balanced scorecard.

Below is an example sustainability strategy map I developed for a technology startup.

Sustainability strategy map

For a technology business, a positive environmental impact can be achieved through close examination and streamlining of the company’s supply chain, including its data centre and cloud infrastructure providers. Companies could also analyse their software development lifecycles to make them more sustainable.

Achieving financial objectives can produce societal benefits through creating shared value.

Creating shared value

Finally, implementing responsible business practices aligns with the UN Sustainable Development Goals (SDGs), specifically SDG 9: Industry, Innovation and Infrastructure, and SDG 17: Partnerships for the Goals.