Top Tips from CISOs in 2024

In the ever-evolving landscape of cybersecurity, continuous learning is not just an option but a necessity for Chief Information Security Officers (CISOs). Learning from a network of your peers is critical to this constant knowledge gathering.

To support CISOs in this challenging journey, Infosecurity has curated a collection of the most valuable tips and guidance from leading cybersecurity professionals and experts we've interviewed throughout 2024.

Moving the Needle

Jason Manar, CISO, Kaseya

“If there’s one piece of advice that I can give to other cybersecurity practitioners, focus on those things that are going to move the needle the most in that moment. Look at those in the next month, three months, find the next biggest needle mover, and then go after that. Continue to do that repeatedly.

After you’ve done that for a year, take a look back at what you’ve accomplished. See if you’re better off with that model than if you had just been head down in tactical work. If the answer is yes, continue to do it over and over again.

I have personally found that approach to be extremely useful in my career, and I know other security leaders who have told me they have found it to be very helpful as well, and oftentimes will look back and be amazed at what they were able to get done in six months or a year’s time.”

The Less Complex, the Better

Tom-Martijn Roelofs, Global Head of Security Strategy and Data at the CISO department, ING Bank

“Reducing complexity. Both from a security point of view but also what you're trying to protect as a landscape. The better structured and standardized, the easier to protect. Hopefully CISOs will also have an open ear for that with their CIOs and CEOs.”

Plan for the Future

Jason Clinton, CISO, Anthropic

“Everything in this field is changing so fast that there simply is not a book that I can point somebody to and tell them ‘this is what's happening in AI, read this book and you'll be informed’.

The only way to stay up to speed is to engage with YouTube channels or podcasts that are catching updates live.

If you're a practitioner in this field right now and you want to stay abreast of how AI is going to be affecting your field, you have to go out and seek an understanding of what's happening.

Don't plan for what exists today. Go out there and find out what's coming and then plan for what's going to be in the field in two years.”

Continue Your Education

Jerry Geisler, SVP and Global CISO, Walmart

“Be a lifelong learner. I think it’s important at every level of the organization to not allow yourself to become static. Become a lifelong learner of technology and information security and also whatever business or organization you are serving. You’ve got to constantly be in that learning mode to ensure you understand where your business or organization is headed. That’s critical for anybody to be successful.”

Encourage and Inspire

Megan Poortman, Head of Cyber Security, Gatwick Airport

“Cyber has a massive talent shortage. My advice to CISOs is to use your voice and status to reach out to your local schools, colleges and universities to advertise cyber as a career.

Cybersecurity is no longer a dark art, we can use our voices to promote it and encourage people from a young age that it can be a really great career path.

Another element of this is encouraging diversity across the board. Young people often perceive cyber as a very tech focused career path. Now, with the cyber mapping of careers, you can see how there’s so many other avenues for creative paths.

It’s about inspiring young women as well as young men. We need to have that diversity of talent to get creative people and minds who are going to try and understand the attackers’ mindset.

It’s also about educating the generation of parents who are going to bring up the next generation of children that cyber is a good career.

It’s being an advocate for cyber, emphasizing it’s not just about being behind a screen coding and pen testing. That’s my challenge for CISOs.”

Understand Your Network

Friedemann Kurz, Porsche Motorsport’s Head of IT

“It's key to have a pretty simple and straightforward overview on what's going on in the network, not just with real threats, but also in general.

For example, there might be a lot of things going on in the network traffic that is created during a race weekend that we don't want to have in our network. It could be protocols. It could be application services that we don't want because they are blocking bandwidth or maybe it is a non-trusted solution.

That's where the security platform starts to detect that. We need to be in a position to identify not just the threats but also the behaviors we don't want on our network.

Then, if there are real threats incoming, I as the manager or people operating the systems need to be able to have a quick overview and decide on how critical it is to take action immediately. This decision process needs to take a second at most not to be disturbing the services.”

Be Part of the Solution

Gina Gobeyn, Executive Director, PCI Security Standards Council (PCI SSC)

“Get involved in a collaborative way with the industry. Working together is so important. So much of the success we have had at the PCI SSC over the years is because we got the right people in the room to collaborate on tough challenges. 

For anyone in the payments industry, we would invite them to join our Participating Organization program and become part of our wonderful global community. My message to them would be that we need you more than ever. Be part of the payment security solution.”

Don’t Bury Your Head in the Sand

Luke Kiely, Group CISO, GetBusy

“I'll give you a few. Be more engaged with the workforce, more transparent with your partners, suppliers and customers, and more flexible and adaptable.

Last but not least, don't get into the habit of hiding risk.”
