Tag Archives: CISO

Implementing cyber security strategy

Illustrative example: cyber roadmap

CISOs and security leaders are often called upon to develop a security strategy. It’s an important step to understand what your current state is, in what direction you’re going and the roadmap to get there. It’s also an opportunity to demonstrate how cyber security activities and programs align to business objectives.

There is more to the CISO role than just setting the direction, however. It’s also about execution. As a security leader, it’s key to take ownership of the strategy and deliver on its promise. It’s useful, therefore, to be able to track progress against your objectives and demonstrate to the executive leadership team and the Board the impact the security team is making in enabling the business.

More

Speaking at the Cloud Security Summit Sydney

I had a great day speaking at the Cloud Security Summit on ransomware threats in cloud environments and how they’ve evolved over time. In this discussion I shared tips on the essential elements of a robust ransomware defence strategy in the Cloud and specific steps for incident response planning and recovery strategies.

I also provided recommendations for aligning cloud security measures with an organisation’s existing IT architecture and strategy, and how can businesses ensure this alignment contributes to their overall security posture effectively. Looking towards the future, I also shared my thoughts on evolutions in ransomware threats, and how can organisations prepare themselves for these events.

Cyber security operating model

Designing a target operating model for an organisation is a complex activity. It is important, therefore, to keep it simple initially. At a very high, level, I suggest CISOs start with three key capabilities:

  • Governance, Risk and Compliance
  • Security Architecture
  • Security Operations

These can then be decomposed further, tailoring to the needs of your particular organisation. Understand how each domain interacts with and supports the others, capturing key outcomes and dependencies for each function.

Key security capabilities are supported by Leadership and Governance streams, including Security Strategy, Business Alignment, Integration, Oversight, Optimization, Finance, Security Culture, Program Management, Stakeholder Management and Reporting.

Business as usual activities required to keep the lights on are often neglected when capability uplift is prioritized. For this reason, I placed it in the centre of the diagram, emphasising the ongoing importance of providing consistent security service to your organisation.

The NIST Cybersecurity Framework functions at the intersections of domains aim to illustrate the collaborative nature of the security teams. It’s important to go beyond silos , ensuring frequent interaction with the business as well as within the security department.

Cybersecurity Board reporting – CISO Executive Network

I had a pleasure to participate in the keynote panel discussion on cyber security Board reporting at the CISO Executive Network event in Sydney. It was an insightful discussion where I had a chance to share my views on aligning on Board expectations, developing relationships and tailoring your message for maximum impact.

We also covered common challenges and strategies for winning the Board over as well as good practices for reporting. It was a great opportunity to contribute to the community and learn from my peers in the industry.

CISO’s perspective: a guest lecture at UNSW

As technology becomes increasingly integrated into our daily lives, the importance of cyber security cannot be overstated. Cyber attacks are becoming more sophisticated, and the costs associated with them are rising. This is why it is crucial for businesses and organisations to have a robust cyber security strategy in place.

Recently, I had the opportunity to deliver a guest lecture at the University of New South Wales as part of the Cybersecurity Management and Governance course.

I discussed the importance of having a clear understanding of cyber security threats. I emphasised that cyber threats are constantly evolving, and businesses need to stay vigilant and adapt their security measures accordingly. This means that cyber security is not a one-time fix; it requires continuous effort.

I also spoke about current challenges and opportunities in the field and what skills and ways of thinking are particularly useful. It was a fantastic experience, and I appreciated the chance to share my insights with a group of future cyber security professionals.

Ethical cyber security leadership

Picture an easy Sunday morning. It’s sunny and quiet with only birds chirping outside. You make yourself a cup of coffee and sit on the sofa to catch-up on what’s happening in the world. You open your favourite news site and here it is – first story of the day in large font.

Breaking news: massive data breach! It’s your company in the headline.

This is the modern reality, cyber attacks are becoming increasingly common and it’s no longer a matter of if but when.

How do you manage this PR nightmare? What do you tell the media? Can you regain the trust of your customers and partners?

These are not the questions you want to be thinking about in the middle of a crisis. The real story begins way before that. It starts with responsible data management practices and securing people’s information.

More

I’ve been named as one of top 10 Cybersecurity Leaders in Australia

I am excited to be recognised as one of the Top 10 Cybersecurity Leaders in Australia driving innovation and demonstrating business value. Although relatively new to Australia, I had the opportunity to use my global experience to address key cybersecurity challenges within the Financial Services sector.

A massive thank you to my team – it’s a privilege to lead such high performing and dedicated individuals and be able to build a cutting-edge cyber capability. Congratulations to all the award winners!

Financial benefits of cyber security

How can security support the business? To answer this question in financial terms, I outline two sides of the story. On one hand, CISOs can demonstrate positive impact on the EBITDA through elevating security capabilities. On the other hand, we can list potential downsides of poor security practices from both revenue and cost perspectives.

It’s not about carrots and sticks, it’s about seeing the full picture of opportunity and risk.

More