Executive Viewpoint – CISO Empowerment

Posted on 03/11/2021 by vmwareemeasmt

By Tom Kellermann, Head of Cybersecurity Strategy for VMware

Being a CISO is like being a wildland firefighter surrounded by arsonists. This stark reality is compounded by internal politics within the IT department. In the absence of greater authorities, internally it can feel like you are climbing a mountain on a daily basis. CISOs who care deeply about their organization’s security are still marginalized due to a failure in corporate governance. The constant fight for resources and authorities within an organization is due to an outdated reporting structure wherein the majority of CISOs report to the CIO.

Defensive coordinators shouldn’t report to offensive coordinators.

In 2021, cyber cartels are hijacking the digital transformation of corporations and escalating intrusions by leveraging destructive attacks. The global insurgency underscores the immediate need for CISOs to be empowered.

Here is a ten-step strategy to bolster and strengthen your position as CISO:

  1. Learn the business of your organization and translate cyber risk to business risk.

  2. Befriend your General Counsel and explain how cybersecurity is a “duty of loyalty”. Explain why the worst-case scenario has changed: the digital transformation will be hijacked and used to attack our customers and partners.

  3. Consolidate your security tools and ensure they are integrated.

  4. Decrease dwell time and raise Board awareness by conducting weekly threat hunts.

  5. Join the Advisory Board of your top two security vendors and influence their designs.

  6. Write concise monthly reports for your Board that include imagery.

  7. Bring in external cyberthreat experts to brief your Board on industry-specific cyber-attack campaigns on a quarterly basis.

  8. Participate in your regional cyber fraud taskforce.

  9. If you don’t have the personnel or capacity to manifest your security vision, hire an MDR firm that specializes in your industry.

  10. Speak at the major cybersecurity conferences and develop your personal brand.

These ten tactics will empower you. Cybersecurity can no longer be viewed as an expense but rather as a function of conducting business. This is about brand protection. I hope this is the beginning of a historic journey for the CISO community.

“Not all the armies of the history of the world can stop an idea whose time has come.” – Victor Hugo.

Category: News & Highlights
