Transformation of a CISO from a Governance role to that of a business enabler
2020 - A year of transformational Changes
With the pandemic raging last year and everyone shifting to remote working, the role of the CISO just became more complex. Most of the Organizations could not do an orderly transition plan to the new way of working and the threat landscape for the CISO just became larger.
With the business continuity in picture the CISOs had a envious task in managing the requirements from the business to enable smooth remote working andalso get their job done in protecting the assets and ensuring data security.
With the rise in Digital Transformationin the recent times and thanks to Covid where this has accelerated, the transformation has led to an number of challenges for the security professionals, some of which are
- Protecting the data on the end points.
- Unmonitored systems (Shadow IT)
- The rise of cloud and the challenges that it brings in protecting the data
- Employees who are not well aware of the Organizations security policies are seen as one of the biggest threat to any organization, this gains prominence with almost everyone working remotely.
Considering the risks which has increased with the a fundamental change in the way people work, CISOs are facing more scrutiny and questions on the overall state of security from the CEOs and Board.
A fundamental shift in theway a CISO works
The role of the CISO has moved from an reporting one to that of partnering with the business in understanding their requirements and embedding security in the complete development lifecycle. Governance and Risk are still the main stay of the CISOs role but this is done while enabling the business to function is a secure way. Some of the areas where the CISO should focus are
- Make Employees security aware and provide continuous awareness on secure working
- Embed Information Security in the complete development lifecycle
- Invest, Invest and investmore in latest areas of AI and ML in information security to proactively stop a threat rather than react to it
- Be completely aware of the lay of the land.
- Invest in talent, Upskill your existing employees to ensure that they catch up with the latest trends and technologies
- Reimagine your SOC, ensure that they can remotely monitor and remediate any threat in a effective manner.
Looking Beyond the Pandemic
2021 will be seen as a transformative year where Board of Directors spend a lot more budget to enhance the security of the Organization and CISOs are expected to play a role of business enablers, Keeping in mind the business need and balancing the needs of Information security which is necessary to ensure that the Information is secured. The CISOs are expected to know the lay of the land at the back of their mind and their job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies. The CISO would be an integral part of the Board and are expected to play a proactive and Pivotal role in ensuring that the reputation of the brand name is not impacted due to asecurity incident.
Dan Patefield
Dan Patefield
Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.
Before joining techUK he worked as Forum Lead for the Westminster eForum. In this role he had a focus on the technology and telecoms space, on issues ranging from Broadband and Mobile Infrastructure, the Internet of Things, Cyber Security, Data and diversity in tech. Dan has a BA in History from the University of Liverpool.
- Email:
- [email protected]
- Phone:
- 020 7331 2165
Jill Broom
Jill Broom
Jill is techUK’s Programme Manager for Cyber Security, working across the cyber eco-system to bring industry together with key stakeholders across the public and private sectors.
Prior to focusing in on techUK's cyber security work, Jill was also part of techUK's Central Government programme team, representing the supplier community of technology products and services to Whitehall departments.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
- Email:
- [email protected]
- Twitter:
- @honeybroom
- Website:
- www.techuk.org
- LinkedIn:
- https://www.linkedin.com/in/jill-broom-19aa824
Annie Collings
Annie Collings
Annie joined techUK as the Programme Manager for Cyber Security and Central Government in September 2023.
Prior to joining techUK, Annie worked as an Account Manager at PLMR Healthcomms, a specialist healthcare agency providing public affairs support to a wide range of medical technology clients. Annie also spent time as an Intern in an MPs constituency office and as an Intern at the Association of Independent Professionals and the Self-Employed.
Annie graduated from Nottingham Trent University, where she was an active member of the lacrosse society.
- Email:
- [email protected]
- Twitter:
- anniecollings24
- LinkedIn:
- https://www.linkedin.com/in/annie-collings-270150158/
