The Next Great Challenge for CISOs
I am honored to be recognized! Cybersecurity is truly a team effort at a strategic level, either we all work together or the threats will tear us down piecemeal! Every person, no matter their role, can play an important part in making digital technology trustworthy and keeping the Internet secure, private, and safe.
The document discusses the challenges of hiring the right Chief Information Security Officer (CISO) for financial services firms. It notes that the CISO role is still evolving and there is no consensus on the required qualifications. It recommends that firms clarify the CISO role and their security needs by making cybersecurity a board-level priority, assessing their current security posture and vulnerabilities, and evaluating their security culture. Taking these steps will help firms define the right profile for their next CISO candidate.
The document discusses cybersecurity risks that boards of directors must address. It provides advice from seven cybersecurity experts on how boards should implement an effective risk management framework to detect threats, ensure early detection and monitoring, and develop robust recovery plans. The experts emphasize the importance of understanding a company's critical digital assets, supply chain risks, and continuously educating all levels of the organization on cybersecurity issues.
This white paper discusses the challenges of hiring the right Chief Information Security Officer (CISO) and provides recommendations to improve the hiring process. It notes that the CISO role is still evolving and most executives do not fully understand the role's responsibilities. It recommends that companies clarify the CISO role by making cybersecurity a board-level priority, assessing current security strengths and weaknesses, and evaluating organizational security culture to identify needed CISO skills. Taking these steps will help companies define CISO job requirements and find candidates best suited to their specific cybersecurity needs.
40 under 40 in cybersecurity. top cyber news magazine | Bradford Sims
This document is a magazine highlighting outstanding cybersecurity professionals from around the world. It contains short profiles and articles on various topics in cybersecurity.
The opening includes an introduction from the editor highlighting remarkable cybersecurity talents from 19 countries working to build a safer digital future. There are then several articles on topics like the growing skills shortage in cybersecurity and the importance of training "cyber warriors" to work on the front lines of security. Other pieces discuss the ongoing challenges in cybersecurity and hope that more cross-disciplinary approaches can be brought to improve the field. The magazine serves to both recognize top professionals and discuss important issues in cybersecurity.
This document is a magazine highlighting outstanding cybersecurity professionals from around the world. It contains short profiles and articles on various topics related to cybersecurity.
The magazine includes an editorial emphasizing the need for cybersecurity training focused on front-line roles to address skills shortages. It also contains articles on the importance of raising public awareness of cybersecurity, seeing cybersecurity as a journey rather than a destination, integrating other fields like psychology into cybersecurity, and taking a business-first approach to cybersecurity. The magazine profiles 19 cybersecurity professionals from different countries and continents working to create a more secure digital future.
This document discusses the growing demand for cybersecurity talent and leaders. It summarizes:
1) The demand for cybersecurity professionals and leaders is unprecedented due to a growing number of cyber attacks on major companies and the high costs of data breaches.
2) There is a limited pool of qualified candidates with both technical cybersecurity skills as well as business experience to take on strategic leadership roles.
3) Recruiters report intense competition for top cybersecurity talent as companies scramble to improve their defenses, driving up salaries. Many key cybersecurity roles go unfilled.
Norman Broadbent Cybersecurity Report - How should boards respond | Lydia Shepherd
The document discusses how boards should respond to cybersecurity risks. It argues that boards need to make cybersecurity a priority and share responsibility for setting the cybersecurity agenda. The CIO should play a key advisory role to the board on technology implications, and boards may benefit from appointing a technology expert to the board. If the CIO is not board-ready, companies should consider elevating the CIO role or creating a Chief Risk Officer role to address cybersecurity at the board level.
Digital has increased businesses’ cybersecurity risk – and yet few have elevated security to a senior leadership concern, according to our recent research. Here’s what businesses are thinking about cybersecurity, and a framework for strengthening their security strategies.
How close is your organization to being breached | Safe Security | Rahul Tyagi
This document discusses the need for organizations to quantify their digital business risk and cybersecurity posture using mathematical models. It introduces SAFE, a unique method developed by MIT researchers to measure an organization's cyber risk using a Bayesian network and machine learning. SAFE analyzes data from various sources to provide a breach likelihood score between 0-5, indicating how likely a breach is in the next 12 months. It also demonstrates how SAFE could have helped detect and prevent a recent ransomware attack on a large shipping company.
A CIRO's-eye view of Digital Risk Management | Daren Dunkel
The document discusses an interview with James Christiansen, VP of Information Risk Management for Optiv Security, which was formed from the merger of Accuvant and Fishnet Security. Christiansen discusses how the role of CISO is changing to focus more broadly on information risk management (CIRO). He emphasizes the importance of aligning cybersecurity spending with business objectives and risk exposure. In an ideal security program, there would be clear governance, reporting to the executive team, and balance between protective measures, visibility, and incident response capabilities. The document ends by discussing questions boards should ask executives about cybersecurity risks and oversight of the security program.
BIZGrowth Strategies - Cybersecurity Special Edition | CBIZ, Inc.
Cyberattacks are becoming more frequent and sophisticated, making a recovery from them increasingly difficult. Without preparation, a cyberattack can be devastating to your business, having severe operational, financial, legal and reputational implications.
The prevalence of cyber breaches also means cybersecurity is no longer solely an IT concern. Elevating your information security from functional to effective takes a robust set of elements, processes and people working together toward a common goal.
Our professionals have developed these articles and resources to help you protect your organization from these attacks.
Raise The Cybersecurity Curtain!
With a clear grasp of systems theory and revelation of pervasive, persistent, and resilient interconnectedness, I set out on the journey to interact with 100 "best of the best" Cybersecurity / Information Security professionals to learn about their own EXPERIENCES and gain INSIGHTS from their personal perspectives.
I was truly blessed to have had a wide variety of insightful conversations with leaders who are serving their organizations at various levels.
I sincerely wanted to expand the impact of the lessons I learned from these interactions by sharing them with Cybersecurity enthusiasts around the globe - people who are paving their own way towards a successful Cybersecurity career.
I hope readers will gain insights into how they can guide their career path to the success they desire and benefit the global security community through their unique contributions.
Francis Kaitano Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015 | CSO_Presentations
This document discusses the importance of cyber security leadership in today's digital world. It notes that cyber attacks could cost the global economy trillions and slow innovation. The costs of data breaches are rising for businesses. Hackers and criminals increasingly target small to medium organizations. The document advocates for all business leaders, including CEOs and CISOs, to make cyber security a strategic priority. It argues that weaving cyber security into core business decisions will help create a sustainable security model for the future. Overall, smart leadership that understands evolving cyber threats is key to business success and resilience.
The 10 Most Influential People in Cyber Security, 2023.pdf | CIO Look Magazine
This edition features a handful of the Most Influential People in Cyber Security that are leading us into a better future.
Read More: https://ciolook.com/the-10-most-influential-people-in-cyber-security-2023-january2023/
- Cybersecurity spending has grown significantly over the past decade, from $3.5 billion in 2004 to an estimated $120 billion in 2017, driven largely by increasing cybercrime.
- Many large companies have significantly increased their cybersecurity budgets in response, including Bank of America which has an unlimited budget for cybersecurity, JPMorgan Chase which doubled its budget to $500 million, and Microsoft which invests over $1 billion annually.
- However, small and medium businesses are particularly vulnerable as they bear 72% of cyber attacks but often lack the resources of larger companies to implement robust cybersecurity programs. Highground Cyber aims to help small and mid-market CEOs protect their companies through comprehensive cybersecurity solutions.
We found that while cyber security was named as the topmost future tech adoption for organizations in 2019, cyber security is now the second tech priority for 2021 but with a higher budget than previously allocated. We also discovered that cloud security currently holds more importance with CISOs, CTOs and CIOs than data security and privacy.
This document discusses managing information and technology risk in a changing business environment. It argues that managing risk is now vital to maximizing commercial potential and protecting brands and reputations from cyber threats. However, security strategies must be flexible to adapt to new technologies and business models. Effective risk management requires assessing realistic threats, prioritizing risks, and presenting risks in a business context. It also requires accounting for changing business dynamics and integrating risk management across the organization rather than taking a siloed approach.
Internal or insider threats are far more dangerous than the external - bala g... | Bala Guntipalli ♦ MBA
- Internal threats are more dangerous than external ones, as 60% of attacks in 2016 were by insiders with malicious or negligent intent. Healthcare, manufacturing, and financial services are most at risk due to valuable personal data.
- Electronic medical records can be worth over $1300 each to hackers, who can use stolen health information to commit lifetime blackmail or fraud. Insider threats are the largest risk.
- There are many approaches to minimize potential insider threats, including strict access controls, monitoring for anomalies, social engineering tests, awareness training, and separating duties. Prioritizing security is crucial to protect valuable data and systems from internal and external threats.
Matt_Cyber Security Core Deck September 2016.pptx | Nakhoudah
The document discusses trends in the cyber security market and the chief information security officer (CISO) role. It notes the growing threat of cyber attacks and increasing importance of the CISO position. The CISO role has evolved from a technical role to require business skills to communicate cyber risk to executives. The document also discusses cyber security organization structures, emerging CISO profiles, and competencies for different types of CISOs. Finally, it briefly mentions the talent implications of digital transformation, including new roles in data analytics and existing roles requiring digital skills.
Today, the delegation of risk decisions to the IT team cannot be the only solution and has to be a shared responsibility. The board and business executives are expected to incorporate the management of cyber risk as part of their business strategy since they are accountable to stakeholders, regulators and customers. For the CROs, CISOs, and Security and Risk Management Professionals to be on the same page, there has to be a single source of truth for communicating the impact that cyber risk has on business outcomes, in a language that everyone can understand.
The document discusses findings from a 2013 IBM study on the role of Chief Information Security Officers (CISOs). Key findings include:
- More mature security leaders focus on strategy, policies, education, risks, and business relations.
- Leaders build trust by communicating transparently and frequently.
- Foundational security technologies like identity and access management are still important.
- Mobile security has significant attention and investment.
- Metrics are used more for budgets than risk, and need to be translated to business language.
The challenges security leaders face include managing diverse stakeholder concerns, improving mobile security policy not just technology, and translating metrics to business impact. More strategic, risk-focused security leadership is emerging as the new standard.
The document summarizes the key findings from a survey of 500 large enterprises in India on information security trends for 2014. Some of the main findings include:
- Organizations will spend more on security in 2014, with many planning to increase their security budgets.
- Office applications present the largest security concern, with 76% of respondents saying they are vulnerable to external attacks. 72% also expressed concern about the security of their network infrastructure.
- Organizations need both strategic and tactical security solutions to address emerging threats. They must take a holistic approach involving people, processes, and technology.
The Trailblazing Cybersecurity Leaders to Watch in 2024 (1) (1).pdf | CIO Look Magazine
A distinguished executive in enterprise technology, cybersecurity, and services, Simon Chassar has an impressive track record spanning over two decades. Boasting international experience, Simon has been at the forefront of leading sales and business operations in the SaaS, software, hardware, and IT sectors.
Security - intelligence - maturity-model-ciso-whitepaper | CMR WORLD TECH
This document discusses the need for organizations to shift from a prevention-focused approach to cybersecurity to one focused on rapid detection and response. It notes that most organizations have mean times to detect threats of weeks or months, leaving critical systems vulnerable. The document introduces the concept of security intelligence and outlines a threat detection and response lifecycle that organizations should optimize to reduce their mean time to detect and respond to threats. This involves processes like discovering threats, qualifying them, investigating incidents, and mitigating risks.
Four mistakes to avoid when hiring your next security chief (print version ... | Niren Thanky
1) The document discusses 4 common mistakes companies make when hiring a chief information security officer (CISO).
2) These mistakes include shortchanging the risk expertise required, having an improper reporting structure, overemphasizing cyber qualifications, and waiting too long to hire the "perfect" security leader.
3) The role of a CISO has become more complex and strategic, requiring an enterprise-wide understanding of cyber risks rather than just a tactical focus on technology.
Improving Healthcare Risk Assessments to Maximize Security Budgets | Matthew Rosenquist
Healthcare is undergoing major changes that are being driven by medical, consumer, IT, and security trends. While these trends deliver compelling benefits to healthcare organizations, workers, and patients, they also carry significant privacy and security risks. Healthcare organizations are seeing an escalation in the frequency and impact of security compromises, driving a corresponding increase in healthcare privacy and security regulation at the national and local levels.
This paper looks at how healthcare organizations can better optimize and focus their privacy and security efforts and budgets through risk assessments designed to identify, characterize, and address the most serious threats and the agents behind them.
Six Scenarios How Russia May Use Nukes: Discussion of the unthinkable — The scenarios for Russia to use nuclear weapons.
Russia's war against Ukraine is raising the risks to everyone. It is not a pleasant topic, but one which we must understand for no other reason than we need to be purposeful in watching for indicators that may lead down one of these paths, so we might have the best opportunity in avoiding nuclear tyranny.
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
The document discusses how boards should respond to cybersecurity risks. It argues that boards need to make cybersecurity a priority and share responsibility for setting the cybersecurity agenda. The CIO should play a key advisory role to the board on technology implications, and boards may benefit from appointing a technology expert to the board. If the CIO is not board-ready, companies should consider elevating the CIO role or creating a Chief Risk Officer role to address cybersecurity at the board level.
Digital has increased businesses’ cybersecurity risk – and yet few have elevated security to a senior leadership concern, according to our recent research. Here’s what businesses are thinking about cybersecurity, and a framework for strengthening their security strategies.
How close is your organization to being breached | Safe SecurityRahul Tyagi
This document discusses the need for organizations to quantify their digital business risk and cybersecurity posture using mathematical models. It introduces SAFE, a unique method developed by MIT researchers to measure an organization's cyber risk using a Bayesian network and machine learning. SAFE analyzes data from various sources to provide a breach likelihood score between 0-5, indicating how likely a breach is in the next 12 months. It also demonstrates how SAFE could have helped detect and prevent a recent ransomware attack on a large shipping company.
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
The document discusses an interview with James Christiansen, VP of Information Risk Management for Optiv Security, which was formed from the merger of Accuvant and Fishnet Security. Christiansen discusses how the role of CISO is changing to focus more broadly on information risk management (CIRO). He emphasizes the importance of aligning cybersecurity spending with business objectives and risk exposure. In an ideal security program, there would be clear governance, reporting to the executive team, and balance between protective measures, visibility, and incident response capabilities. The document ends by discussing questions boards should ask executives about cybersecurity risks and oversight of the security program.
BIZGrowth Strategies - Cybersecurity Special EditionCBIZ, Inc.
Cyberattacks are becoming more frequent and sophisticated, making a recovery from them increasingly difficult. Without preparation, a cyberattack can be devastating to your business, having severe operational, financial, legal and reputational implications.
The prevalence of cyber breaches also means cybersecurity is no longer solely an IT concern. Elevating your information security from functional to effective takes a robust set of elements, processes and people working together toward a common goal.
Our professionals have developed these articles and resources to help you protect your organization from these attacks.
Raise The Cybersecurity Curtain!
With a clear grasp of systems theory and revelation of pervasive, persistent, and resilient interconnectedness, I set out on the journey to interact with 100 "best of the best" Cybersecurity / Information Security professionals to learn about their own EXPERIENCES and gain INSIGHTS from their personal perspectives.
I was truly blessed to have had a wide variety of insightful conversations with leaders who are serving their organizations at various levels.
I sincerely wanted to expand the impact of the lessons I learned from these interactions by sharing them with Cybersecurity enthusiasts around the globe - people who are paving their own way towards a successful Cybersecurity career.
I hope readers will gain insights into how they can guide their career path to the success they desire and benefit the global security community through their unique contributions.
Francis Kaitano Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015CSO_Presentations
This document discusses the importance of cyber security leadership in today's digital world. It notes that cyber attacks could cost the global economy trillions and slow innovation. The costs of data breaches are rising for businesses. Hackers and criminals increasingly target small to medium organizations. The document advocates for all business leaders, including CEOs and CISOs, to make cyber security a strategic priority. It argues that weaving cyber security into core business decisions will help create a sustainable security model for the future. Overall, smart leadership that understands evolving cyber threats is key to business success and resilience.
The 10 Most Influential People in Cyber Security, 2023.pdfCIO Look Magazine
This edition features a handful of the Most Influential People in Cyber Security that are leading us into a better future
Read More: https://ciolook.com/the-10-most-influential-people-in-cyber-security-2023-january2023/
- Cybersecurity spending has grown significantly over the past decade, from $3.5 billion in 2004 to an estimated $120 billion in 2017, driven largely by increasing cybercrime.
- Many large companies have significantly increased their cybersecurity budgets in response, including Bank of America which has an unlimited budget for cybersecurity, JPMorgan Chase which doubled its budget to $500 million, and Microsoft which invests over $1 billion annually.
- However, small and medium businesses are particularly vulnerable as they bear 72% of cyber attacks but often lack the resources of larger companies to implement robust cybersecurity programs. Highground Cyber aims to help small and mid-market CEOs protect their companies through comprehensive cybersecurity solutions.
We found that while cyber security was named as the topmost future tech adoption for organizations in 2019, cyber security is now the second tech priority for 2021 but with a higher budget than previously allocated. We also discovered that cloud security currently holds more importance with CISOs, CTOs and CIOs than data security and privacy.
This document discusses managing information and technology risk in a changing business environment. It argues that managing risk is now vital to maximizing commercial potential and protecting brands and reputations from cyber threats. However, security strategies must be flexible to adapt to new technologies and business models. Effective risk management requires assessing realistic threats, prioritizing risks, and presenting risks in a business context. It also requires accounting for changing business dynamics and integrating risk management across the organization rather than taking a siloed approach.
Internal or insider threats are far more dangerous than the external - bala g...Bala Guntipalli ♦ MBA
- Internal threats are more dangerous than external ones, as 60% of attacks in 2016 were by insiders with malicious or negligent intent. Healthcare, manufacturing, and financial services are most at risk due to valuable personal data.
- Electronic medical records can be worth over $1300 each to hackers, who can use stolen health information to commit lifetime blackmail or fraud. Insider threats are the largest risk.
- There are many approaches to minimize potential insider threats, including strict access controls, monitoring for anomalies, social engineering tests, awareness training, and separating duties. Prioritizing security is crucial to protect valuable data and systems from internal and external threats.
Matt_Cyber Security Core Deck September 2016.pptxNakhoudah
The document discusses trends in the cyber security market and the chief information security officer (CISO) role. It notes the growing threat of cyber attacks and increasing importance of the CISO position. The CISO role has evolved from a technical role to require business skills to communicate cyber risk to executives. The document also discusses cyber security organization structures, emerging CISO profiles, and competencies for different types of CISOs. Finally, it briefly mentions the talent implications of digital transformation, including new roles in data analytics and existing roles requiring digital skills.
Today, the delegation of risk decisions to the IT team
cannot be the only solution and has to be a shared
responsibility. The board and business executives are
expected to incorporate the management of cyber risk
as part of their business strategy since they are
accountable to stakeholders, regulators and
customers. For the CROs, CISOs, and Security and Risk
Management Professionals to be on the same page,
there has to be a single source of truth for
communicating the impact that cyber risk has on
business outcomes, in a language that everyone can
understand.
The document discusses findings from a 2013 IBM study on the role of Chief Information Security Officers (CISOs). Key findings include:
- More mature security leaders focus on strategy, policies, education, risks, and business relations.
- Leaders build trust by communicating transparently and frequently.
- Foundational security technologies like identity and access management are still important.
- Mobile security has significant attention and investment.
- Metrics are used more for budgets than risk, and need to be translated to business language.
The challenges security leaders face include managing diverse stakeholder concerns, improving mobile security policy not just technology, and translating metrics to business impact. More strategic, risk-focused security leadership is emerging as the new standard
The document summarizes the key findings from a survey of 500 large enterprises in India on information security trends for 2014. Some of the main findings include:
- Organizations will spend more on security in 2014, with many planning to increase their security budgets.
- Office applications present the largest security concern, with 76% of respondents saying they are vulnerable to external attacks. 72% also expressed concern about the security of their network infrastructure.
- Organizations need both strategic and tactical security solutions to address emerging threats. They must take a holistic approach involving people, processes, and technology.
The Trailblazing Cybersecurity Leaders to Watch in 2024 (1) (1).pdfCIO Look Magazine
A distinguished executive in enterprise technology, cybersecurity, and services, Simon Chassar has an impressive track record spanning over two decades. Boasting international experience, Simon has been at the forefront of leading sales and business operations in the SaaS, software, hardware, and IT sectors.
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
This document discusses the need for organizations to shift from a prevention-focused approach to cybersecurity to one focused on rapid detection and response. It notes that most organizations have mean times to detect threats of weeks or months, leaving critical systems vulnerable. The document introduces the concept of security intelligence and outlines a threat detection and response lifecycle that organizations should optimize to reduce their mean time to detect and respond to threats. This involves processes like discovering threats, qualifying them, investigating incidents, and mitigating risks.
Four mistakes to avoid when hiring your next security chief (print version ... | Niren Thanky
1) The document discusses 4 common mistakes companies make when hiring a chief information security officer (CISO).
2) These mistakes include shortchanging the risk expertise required, having an improper reporting structure, overemphasizing cyber qualifications, and waiting too long to hire the "perfect" security leader.
3) The role of a CISO has become more complex and strategic, requiring an enterprise-wide understanding of cyber risks rather than just a tactical focus on technology.
Improving Healthcare Risk Assessments to Maximize Security Budgets | Matthew Rosenquist
Healthcare is undergoing major changes that are being driven by medical, consumer, IT, and security trends. While these trends deliver compelling benefits to healthcare organizations, workers, and patients, they also carry significant privacy and security risks. Healthcare organizations are seeing an escalation in the frequency and impact of security compromises, driving a corresponding increase in healthcare privacy and security regulation at the national and local levels.
This paper looks at how healthcare organizations can better optimize and focus their privacy and security efforts and budgets through risk assessments designed to identify, characterize, and address the most serious threats and the agents behind them.
Six Scenarios How Russia May Use Nukes: Discussion of the unthinkable — The scenarios for Russia to use nuclear weapons.
Russia's war against Ukraine is raising the risks to everyone. It is not a pleasant topic, but one which we must understand for no other reason than we need to be purposeful in watching for indicators that may lead down one of these paths, so we might have the best opportunity in avoiding nuclear tyranny.
The document provides 10 predictions for the cybersecurity industry in 2022. It predicts that critical infrastructure will be a prime target for both cybercriminals and nation-states. Ransomware attacks will grow significantly in scope and impact, potentially disrupting entire societies. Cyber attacks will increasingly be used as a tool of foreign policy and domestic control by oppressive governments. Artificial intelligence and quantum computing developments will further escalate the arms race between attackers and defenders. Overall, 2022 will be a very challenging year for cybersecurity as threats become more powerful and widespread.
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions report. We have split this year’s report into two sections. The first section digs into three very important topics, looking at each through a long lens.
The second section makes specific predictions about threats activity in 2017. Our predictions for next year cover a wide range of threats, including ransomware, vulnerabilities of all kinds, the use of threat intelligence to improve defenses, and attacks on mobile devices.
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs | Matthew Rosenquist
The cybersecurity industry has long needed a solid foundation for academia to build consistent and effective degree programs. There has been far too much inconsistency in cybersecurity and cyber-science education. In order to prepare the next generations of cybersecurity professionals, academic standards and curriculum must be defined and implemented.
The guidelines are a leading resource of comprehensive cybersecurity curricular content for faculty members of global academic institutions seeking to develop a broad range of cybersecurity offerings at the post-secondary level.
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui... | Matthew Rosenquist
Technology convergence is increasing the interconnectedness between the cyber and physical worlds. This is undermining security and trust in new ways by impacting critical infrastructure, transportation, physical security, privacy, consumer IoT, finance, healthcare, and government. As technology adoption increases, the potential threats grow in scale and capability, raising expectations that digital security, physical safety, and personal privacy will need to evolve to address the risks. The increased relevance of security across both cyber and physical domains will open new market and business opportunities.
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist | Matthew Rosenquist
Technology convergence across cyber and physical security is driving change. Protection will evolve to include digital security, physical safety, and personal privacy.
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve... | Matthew Rosenquist
As the world embraces digital services and automation of critical systems, understanding risk, attributing actions, and deciphering attack methods will be crucial to the proliferation of connected technology. Trust is key, but transparency is greatly obscured. Forensics will grow to become the verification of truth and will play an ever-increasing role in understanding responsibility and controlling the dissemination of Fear, Uncertainty, and Doubt through actuarial data. Let’s explore the new areas, challenges, and opportunities for the bright future of digital forensics.
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018 | Matthew Rosenquist
Ransomware has grown significantly in the past few years. Nobody seems immune, with many individuals and organizations falling victim. Ransomware continues to evolve and adapt while security strives to reduce the risks. This presentation takes a look at how ransomware will evolve and best practices to manage the risks. Those who have insights into the future have a distinct advantage!
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R... | Matthew Rosenquist
Matthew Rosenquist presented on cybersecurity workforce opportunities. He discussed how future challenges will drive demand for cybersecurity professionals. The best organizations see security as a continuous process of risk management and adaptation. There is currently a shortage of qualified cybersecurity professionals, with an estimated 2 million unfilled positions by 2017. Needed skills include both technical hard skills and soft skills. Experience and industry certifications are important for jobs. Resources like the NICE framework and CyberSeek can help students understand skills and job market insights.
The Cloud is both compelling and alluring, offering benefits that entice many organizations into rapid adoption. But caution should be taken. Leveraging cloud technologies can offer tremendous opportunities, with the caveat of potentially introducing new security problems and business risks. Presented are strategic recommendations for cloud adoption to a community of application and infrastructure developers.
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist | Matthew Rosenquist
1. The document outlines 10 predictions for cybersecurity challenges in 2016 and beyond, including the expanding roles of governments, continued evolution of nation-state cyber offenses, and the intersection of life safety and cybersecurity in connected devices.
2. It predicts security expectations will increase while security technologies improve but remain outpaced by adaptable attackers. Attacks targeting trust and integrity will escalate.
3. A continued lack of cybersecurity talent will hinder the industry from effectively addressing evolving threats. New threat vectors are expected to emerge as technologies advance.
CSE 2016 Future of Cyber Security by Matthew Rosenquist | Matthew Rosenquist
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead.
Presented by Matthew Rosenquist at the 2016 Connected Security Expo (CSE) @ ISC West http://www.connectedsecurityexpo.com/
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future. The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives of the forthcoming challenges the industry is likely to face and how we can be better prepared for it.
The cybersecurity industry needs more people with greater diversity to fill the growing number of open positions. Intel is very active with internal corporate diversity efforts, establishing strong pipelines, and investing in diverse partners. Additionally, Intel is contributing to the formalization of cyber science degree standards to align educational programs to market demands.
The document discusses how Intel and McAfee have evolved together over the past 5 years since Intel acquired McAfee, comparing what they anticipated at the time with what actually occurred. The cyber threat landscape has changed and expanded more rapidly than expected, and their focus has shifted from embedding security in silicon to leveraging it to boost software defenses and address new attack types like those originating from firmware and BIOS. It also examines how different attacker profiles have emerged and expanded in resources and sophistication more than anticipated.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
What do a Lego brick and the XZ backdoor have in common? | Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative projects and software. The reality is that a Lego brick and the XZ backdoor case have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: An advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in various events, migrations and training related to LibreOffice. She previously worked on LibreOffice migrations and training courses for several public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not pursuing her passion for computers and for Geeko she cultivates her curiosity about astronomy (from which her nickname deneb_alpha derives).
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
HCL Notes and Domino License Cost Reduction in the World of DLAU | panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licensing under the CCB and CCX model have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new kind of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that and we would like to help you!
We explain how you can solve common configuration problems that can lead to more users being counted than necessary, and how you can identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expenses, for example when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and know-how to keep track of things. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics will be covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement right away
HCL Notes and Domino License Cost Reduction in the World of DLAU | panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement right away
UiPath Test Automation using UiPath Test Suite series, part 6 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI's advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Building Production Ready Search Pipelines with Spark and Milvus | Zilliz
Spark is a widely used ETL tool for processing, indexing and ingesting data into the serving stack for search. Milvus is a production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to the Milvus vector database for search serving.
5th LF Energy Power Grid Model Meet-up Slides | DanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
- Insightful presentations covering two practical applications of the Power Grid Model.
- An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
- An interactive brainstorming session to discuss and propose new feature requests.
- An opportunity to connect with fellow Power Grid Model enthusiasts and users.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Introduction of Cybersecurity with OSS at Code Europe 2024 | Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Driving Business Innovation: Latest Generative AI Advancements & Success Story | Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Generating privacy-protected synthetic data using Secludy and Milvus | Zilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Top Cyber News Magazine - Oct 2022
1. TOP CYBER NEWS MAGAZINE
About people, by people, for people
OCTOBER 2022
Exclusive article by
CIO & CISO at Plaza Dynamics
2. Foreword
Top Cyber News MAGAZINE - October 2022 - All Rights Reserved
The Chief Information Security Officer (CISO) acts as a Digital Sentinel with their resources poised to prevent cyber-attacks and lead the remediation activities post attack. The CISO is quickly becoming one of the most valued positions in an organization, regardless of its size, due to the heavy IT and Cyber responsibilities they carry. Threats are no longer external to the organization and the insider threat must now become part of the risk assessment process when CISOs are assessing risks to infrastructure and data.
The Digital Sentinel is responsible for selecting their weapons; like any good warrior, they have assessed the threat landscape and selected tools which meet the organization’s needs while accounting for advances in technology, affordability, and potential shifts in business operations. Adversarial tactics have largely remained the same, targeting popular applications like Office 365 or complacent users who inadvertently click links, inviting the adversary deep into the layers of the domain. For the Digital Sentinel it’s a game of tactics and techniques, and cyber threat intelligence plays a role in how limited resources are allocated towards known vulnerabilities and how they and their incident response team will react to exploitation of the unknown vulnerabilities lurking deep within their domain.
While protecting the IT infrastructure, the Digital Sentinel must work to foster good cyber hygiene within an organization and build collaborative relationships amongst various functions within the organization to develop effective policy and cyber culture. This can be a challenge at times and it’s important to remember people skills are needed to complement a highly technical skillset. The “people factor” is an important component when the CISO is building a cyber culture within the organization, and they face the daunting challenge of balancing the needs and wants within an organization and the risks associated with both. It’s important for CISOs to have a strong relationship with the C-Suite, and not just at budget request time; they need to provide situational awareness for risks that could impact the business operations and advise on realistic and affordable mitigations.
Digital wars are silently fought like a patient game of chess: each piece has a role on the board and movements on that board are controlled by the role. The CISO role acts as a Digital Sentinel protecting and pivoting across the board as they attempt to defend the cyber domain against attacks and insider threats. Each side collects one another’s pieces through unauthorized exfiltration of data or breach of the domain; the game is endless, and it doesn’t rely on a game clock or the number of pieces collected by an opponent. Multiple games are at play and the Digital Sentinel is quietly watching and protecting their domain.
The Digital Sentinel – The CISO - Angelique "Q" Napoleon for Top Cyber News MAGAZINE
3. Les Assises de la Sécurité
www.lesassisesdelacybersecurite.com
The gathering of cybersecurity experts from 12 to 15 October 2022, in Monaco
#LesAssises #LesAssises2022 #LesAssises22
4. Matthew Rosenquist, Eclipz, USA
Matthew Rosenquist is the Chief Information Security Officer (CISO) for Eclipz, the former Cybersecurity Strategist for Intel Corp, and benefits from 30+ diverse years in the fields of cyber, physical, and information security. Matthew is very active in the industry and advises fellow CISOs, boards, academia, governments, and businesses around the globe on emerging threats, innovation, and industry best practices.
Matthew specializes in understanding the fundamental factors that drive and shift the industry. He has been providing cybersecurity predictions for decades and his insights have been published in reports and various industry periodicals. As a veteran cybersecurity strategist, he identifies risks and opportunities to help organizations balance threats, costs, and usability factors to achieve an optimal level of security.
He develops effective security strategies, measures value, develops techniques for cost-effective capabilities, and establishes organizations that deliver the right levels of cybersecurity, privacy, governance, ethics, and safety. Matthew is a member of multiple advisory boards, an experienced keynote speaker, publishes acclaimed articles, white papers, blogs, videos, and podcasts on a wide range of cybersecurity topics, and collaborates with partners to tackle pressing industry problems.
Matthew has won numerous awards and recognition, including: LinkedIn Top 10 Technology Voice, Thinkers360 Top 10 Cybersecurity and Privacy Thought-Leader, Engatica Top 50 Cybersecurity Influencers, and leadership awards from HMG Strategy and Global Leaders Today.
5. by Matthew Rosenquist
The Next Great Challenge for CISOs
CISOs are facing a new challenge to their success - showcasing the meaningful value of cybersecurity over time. This is largely unfamiliar and traditionally difficult for leaders. As threats and operational complexities continue to increase, security has adapted by requesting ever larger budgets to scale with the new threats. Annual increases of 9% to 20% aren’t unusual, with some regions seeing a 60% jump in security budgets. This is not sustainable for groups that are positioned as cost centers and not bringing in revenue to offset their budget. There is no doubt that cybersecurity is appreciated and necessary, but the question is how valuable, how much protection is needed, and are the resources managed properly? Organizations cannot blindly pour assets into a cybersecurity void every year. Executives want to control spending and see a return on their investment. CISOs must rise to the challenge by maximizing their contributions to corporate goals, working effectively to reduce the risks of loss, and deftly communicating the value proposition across the organization.
Strategically, there are three areas that CISOs can focus on:
First, build a well-operating cybersecurity capability that purposefully aligns with the corporate
business objectives. Effectively and efficiently protecting against risks is the core function of
cybersecurity.
Second, compare the security and value against peer organizations. This benchmark is very valuable
for senior executives to understand if they are spending equitably on security.
Third, explore opportunities to contribute to the bottom line regarding revenue, market share, brand,
and average selling price. Many companies leverage security, privacy, and safety features as
non-traditional competitive advantages. Apple’s recent marketing campaigns focus on privacy for their
customers’ data, not performance. This has worked well and shows that taking advantage of
cybersecurity can directly benefit the marketplace. CISOs must evaluate the business opportunities and
partner with product teams, operations, and marketing. Security teams that deliver a competitive
advantage have tremendously more prestige when communicating their sustaining value!
CISOs must face the elevated expectations that accompany cybersecurity costs. The value must be
embraced by senior leadership to maintain the necessary support to remain effective. CISOs need to
maximize and showcase their contributions to the business, which requires new skills and approaches.
Those who fail will suffer from growing doubt, more scrutiny, waning support, and fewer resources to
achieve success against ever greater expectations. The best leaders will take advantage of
opportunities and prove the value of their cybersecurity program.
Talent Spotlight: CyberSecurity
Matthew Rosenquist
Chief Information Security Officer for Eclipz
This interview is conducted by Yehudah Sunshine, Director of Marketing at Cyfluencer
Matthew Rosenquist is the Chief Information
Security Officer (CISO) for Eclipz, but this is just one
of the countless responsibilities he holds. From
CISO and globally sought-after speaker to advocate
and industry expert, Rosenquist has seen the
industry grow and cyber risk evolve from passing
thought to driving the conversation. With over 30
years of experience defining the cyber strategy and
outlook of many of the leading players in technology
and software development, Matthew has witnessed
firsthand the evolution of responsibilities and cyber
know-how of security professionals, from the humble
beginnings of investigating financial crimes to the
CISO and everywhere in between.
[Yehudah Sunshine] Tell us a bit about your initial
motivation to get into cybersecurity.
[Matthew Rosenquist] I think I was initially driven by
the combination of technology and the challenge of
dealing with intelligent, crafty, and motivated
adversaries. I started in security working with a
world-class team that focused on detecting,
investigating, and prosecuting criminals committing
theft, fraud, and embezzlement.
I took a particular interest in detecting charge fraud
and arresting the criminals. I realized the technology
is just the playing field that the threats operated in
and the real challenge was in dealing with the skills,
creativity, boldness, motivation, and persistence of
the attackers. Defenders are directly pitted against
those seeking to undermine security and victimize
others.
I was hooked. Cybersecurity was a
natural fit as it combined my passion for
technology and adversarial interdiction –
all for a noble cause of defending against
undesired impacts.
[Yehudah Sunshine] What significant
experiences shaped your approach to cyber
risk management at this stage?
[Matthew Rosenquist] Practical experience
always guides your understanding, and for me
this was really the case. From dealing with
technology, behavioral, processes, and business
challenges as well as building teams, tackling crises,
and working with various organizations across the
cybersecurity industry I was able to form ideal
approaches. As a result I thrive on situations where I
have been able to anticipate what the attackers will
do and establish best-practices in pursuit of
managing risk to an optimal level.
[Matthew Rosenquist] Building Intel’s first SOC,
leading the first cybersecurity crisis response team,
figuring out how to manage M&A risks, and leading
entire security organizations with an eye to find the
right balance of risk, costs, and friction to the
business.
[Yehudah Sunshine] Today you shuffle many hats,
from executive and CISO to cybersecurity thought
leader and sought out speaker. How do you blend
these diverse expectations while still having a clear
vision of improving cybersecurity?
[Matthew Rosenquist] For me, my professional
journey is driven by a single objective: to make
digital technology trustworthy. That means it must
be secure, private, and safe – which are the
hallmarks of cybersecurity. I seek opportunities to
understand and predict our adversaries, support
cybersecurity innovation, drive equality and equity
for the workforce.
[Yehudah Sunshine] Who were the most impactful
individuals in your journey, that both influenced
your trajectory and imparted critical life lessons in
and beyond infosec?
[Matthew Rosenquist] I have always been sparked
by people with passion, innovative ideas, skills to
organize, communicate, and inspire! Great people
can be found in every profession, at every level. I
have had great bosses, mentors, and brilliant
industry colleagues. But I have found impactful
people at all levels in almost every engagement. The
constant chaos and ambiguity of cybersecurity
requires professionals to continually learn and
adapt.
I purposefully look for these people to improve my
own capabilities. This is why communicating and
collaborating is so crucial. We all can influence and
inspire each other to rise to the challenges.
For me, one of my greatest inspirations was Sun
Tzu, who advocated knowing the enemy as well as
yourself. This concept became pivotal in my journey
in cybersecurity, where people often believe
problems are only of a technical nature.
[Yehudah Sunshine] What have been some of the
turning points in your career that changed how you
view the nexus of technology and cyber risk?
Interview with Matthew Rosenquist, by Yehudah Sunshine
Secondly, it is a practical matter. Cybersecurity
teams that lack diversity of ideas and perspectives
are at a distinct disadvantage to their adversaries
who do bring diversity to the fight.
If we want to keep pace with attacker innovation, we
must also proactively embrace inclusion for women
and underrepresented minorities. They possess
different experiences and viewpoints, bringing
creative perspectives to increase the level of
capabilities for cybersecurity teams.
[Yehudah Sunshine] What do you see as the prime
focus of your cybersecurity evangelism?
[Matthew Rosenquist] To encourage the community
to communicate and collaborate in ways that
improve everyone’s ability to manage cyber risks.
Cybersecurity is a team sport; we must win by
working together. It is the only way we have a
chance to maintain parity with the rapidly evolving
cyber threats.
[Yehudah Sunshine] What strategic and practical
advice can you give for individuals seeking to
eventually become a CISO or industry leading cyber
thought leader?
[Matthew Rosenquist] There are many different
roles in cybersecurity and many don’t require
technical skills. Find your interest, whether it is
technical, behavioral, legal, leadership, organization,
or something else and identify the roles you are
interested in. The cyber industry can be grueling for
those who aren’t doing what they love, so choose
carefully.
Then find out what education, skills or certifications
are beneficial. Plan your path accordingly.
In almost all cases, practical experience is
supremely valued so take extra care to enrich
yourself with real-world acumen.
[Matthew Rosenquist] I make it my mission to
advocate for digital ethics to strengthen the
foundations of technology, communicate best
practices, inspire audiences to see the value of
cybersecurity, as well as collaborate with the best
minds to solve the most pressing problems, and
dispel misinformation that can weaken the industry.
We all have a role and can actively contribute with
focus and passion!
[Yehudah Sunshine] What sparked your commitment
to improving the opportunities for women and
minorities in cyber?
[Matthew Rosenquist] First and foremost, equality
and equity among people is simply the right thing to
do. You can’t have basic human rights if people are
not included or afforded fair opportunities.
[Yehudah Sunshine] What emerging technologies or
threat vectors will make the biggest waves in 2023?
[Matthew Rosenquist] AI, Quantum Computing,
Blockchain, and space-based communications will
all play important roles in 2023 and beyond. These
are powerful technologies that can be used for the
good of society or wielded in malicious ways by
those seeking to leverage their capabilities.
This is why cybersecurity will play a key role to
make sure powerful innovative technology is secure,
private, and safe. We all want to embrace the
wonderful benefits of new products and services,
and not suffer the potential impacts from misuse.
Cybersecurity will be the force that influences better
designs, development, operations, assurances for
proper use and protections when those fail.
“It is a tremendous challenge and requires
brave, skilled, and adaptive people to take on
the challenge and work together to deliver
sustainable optimal security.”
Lastly, find thought-leaders who are in those roles
and connect with them on professional social
networks like LinkedIn. Follow them. Watch what
situations they find worthy of weighing in on.
Understand how they see, describe, and approach
problems or issues.
Simultaneously, build your own brand by
contributing to discussions with ideas, concerns,
perspectives, and questions. This reputation will be
a great resource when applying for jobs or reaching
out to peers for collaboration.
[Yehudah Sunshine] In the coming year, what will be
the most significant cyber threats on the rise?
[Matthew Rosenquist] The world is in the midst of a
war between powerful digital countries, who
possess tremendous nation-state capabilities to do
harm. The most significant threats to our global
digital ecosystem are from offensive actions directed
from aggressive nations that seek to exert political
agendas, accumulate power, or seize economic
advantages to the detriment of others.
Critical infrastructure such as government services,
defense, energy sector, transportation systems,
shipping logistics, communications, healthcare,
finance, and media will be targeted with disruptive
attacks and digital extortion like ransomware.
Conflict on the international stage now includes
cyberwarfare. There is no putting that powerful
genie back in the bottle.
The second threat will be from within. The costs of
cybersecurity continue to skyrocket and it will be
necessary to adapt programs to maximize returns,
be efficient, effective, and showcase the value of
security programs, to justify the spending. This will
be a significant challenge for teams who are more
focused on preventing and responding to attacks.
Business case justification and communication to
executive levels requires a whole new set of skills,
tools, and perspectives. Yet, securing operational
funding is necessary for survival and longevity.
The Shifting Roles of Today’s CISO
by Yehudah Sunshine
Over the past year, I have been privileged to
speak with hundreds of security
professionals, and dozens of battle-tested
CISOs. These conversations frequently
focused on understanding what separates
an adequate cyber leader from those
forward-thinking visionaries redefining
security awareness, management, and
mitigation worldwide. In the process, I
couldn't help being overwhelmed by the
constant mentions of four keywords:
• Accountability
• Accessibility
• Communication
• Integration
Regardless of sector or funding, public
profile, or company size, organizations
everywhere expect their top security leaders
to be the one-stop shop for improving risk
outlook all the while holistically changing
the security culture from the top down. With
the rapidly evolving roles and
responsibilities of today’s CISO, the
personality and core ethos of these leaders
demand:
Accountability
CISOs are more than just punching bags to
blame for massive data breaches. Effective
CISOs must take full responsibility for data
security and cyber awareness implementation
while providing the resources to empower
the workforce to mitigate cyber threats.
Accessibility
A CISO cannot be an anonymous figure in
the shadows. Today’s CISO must be
available for the varying needs of every
department. Rather than siloing themselves off in
an ivory tower, security leaders must make
every effort to connect with vital individuals
across the company. By providing actionable
advice and implementing clear channels to
relay potential risks, CISOs become a carrot
rather than a stick.
Communication
A CISO can only make an impact when their
terminology and approach are contextual to
whom they are speaking. Today’s ideal
CISO is one part security wizard, two parts
wordsmith. Blending technical expertise
with the language everyone can relate to is
key to making cyber risk real.
Integration
No one wants to search the yellow pages
when their house is on fire, and the same is
true for cybersecurity. To enhance cyber
awareness and skills building, security
professionals must be ingrained in non-
technical teams. By breaking down
obstacles to communication and more
importantly forming genuine relationships,
CISOs can bring cyber preparedness into
terms their teams can approach.
There will never be one clear definition of
how the role of the CISO has changed in the
past 30 years. However, after countless
conversations and many long nights diving
deep into how today’s CISOs take on
complex security challenges, one thing is
clear.
By blending Accountability, Accessibility,
Communication, & Integration, CISOs can
better influence their organization's long-term
cyber risk strategy and prevent data
loss.
Yehudah Sunshine, Cyfluencer, Israel
Bringing together his diverse professional cyber know-how, intellectual fascination with history and
culture, and eclectic academic background focusing on diplomacy and the cultures of Central Asia,
Yehudah Sunshine keenly blends his deep understanding of the global tech ecosystem with a
nuanced worldview of the underlying socio-economic and political forces which drive policy and
impact innovation in the cyber sectors. Yehudah's current work focuses on how to create and
enhance marketing strategies and cyber driven thought leadership for Cyfluencer
(www.Cyfluencer.com), the cyber influencer thought leadership platform. Sunshine has written and
researched extensively within cybersecurity, the service sectors, international criminal
accountability, Israel's economy, innovation and technology, as well as Chinese economic policy.
Storytelling
A CISO’s Formula for Success
by Gary HAYSLIP
Today’s CISO is caught in a landslide of change as businesses undergo extreme transformation.
Their role requires evangelizing the strategy of their security programs, their program’s
management of systemic risk, and finally, its perceived value to company employees and leadership
stakeholders. To be effective in this challenging process, I find an excellent tool to use is
storytelling. This skill allows CISOs to express ideas and bring the audience on a journey to
experience their point of view. In storytelling, I use a formula to describe current business
problems and the value added when these issues are addressed. I view the core components of my
storytelling formula as:
Context + Value = Informed Decision Making
Context: Provide insight to help the audience see the CISO’s point of view. For example: the
company should be ISO 27001 certified. In describing the need for this initiative, the CISO may
relate how, as parents, we pick a doctor for our children based on certifications, education, and
experience we feel demonstrates competence. This process also emulates how customers review
companies and their certifications, like ISO 27001, to demonstrate they meet industry best
practices for cyber resiliency and risk management. Helping the audience see the security need
through a personal lens builds a bridge between the CISO and the audience.
Value: After the audience has gained an understanding of the requested initiative, it’s time to answer
the question, "What's in it for me?" It is in this part of storytelling that the organization’s current state
is described, and the CISO outlines the resources required, possible impacts on operations, and, finally,
end results that provide value to the company.
Informed decision-making: This is the outcome of a good story. The CISO, peers, and executive
leadership make decisions using not only numbers and statistics but also a contextual understanding of
the importance the initiatives provide to the business.
The use of engaging stories to drive action and possibly shape the culture of an organization is a key
reason why I believe communication skills need to be continually developed and used by security
executives. These skills give the CISO the chance to step out from behind the wall of their security
program and be visible, to be seen as human and someone to trust. Through this trust, the CISO can
mature the security program and meet their company’s needs.
With over 20 years of IT, cybersecurity and risk management experience, Gary Hayslip has established a
reputation as a highly skilled communicator, author, and keynote speaker. Currently, as Global Chief Information
Security Officer, he advises Softbank Investment Advisers (SBIA) – The Vision Fund, executive leadership on
protecting critical information resources and overseeing enterprise cybersecurity strategy. As the senior security
executive for SBIA, Hayslip’s mission includes creating partnerships and a “risk aware” culture that places a high
value on securing critical information entrusted to SBIA.
Hayslip, a proven cybersecurity professional, recently co-authored the CISO Desk Reference Guide series: A
Practical Guide for CISOs – Volumes 1 & 2, Executive Primer – The Executives Guide to Security Programs,
Develop Your Own Cybersecurity Career Path, and The Essential Guide to Cybersecurity for SMBs. His previous
executive roles include multiple CISO, CIO, Deputy Director of IT, and Chief Privacy Officer roles for the US Navy
(active duty), the US Navy (Federal Government employee), the City of San Diego, California, and Webroot
Software. Hayslip currently holds several professional certifications including CISSP, CISA, and CRISC, and has a
Bachelor of Science in Information Systems Management from University of Maryland & Master’s in Business
Administration from San Diego State University.
Gary Hayslip,
SoftBank Investment Advisers, USA
Are We Appropriately Skilled To Be Top Class CISOs?
by Michel CAZENAVE
Cybersecurity strategy begins with the CISO
As systems become more complex, hybrid and
interconnected, current CTI shows
that “cyberattacks have shifted from disrupting to
75% attempts to take control of target” (source:
Cyber Intelligence X sectors Alliance): gaining
remote access, encrypting and/or stealing data, setting
backdoors and spying, with criminal revenues either
claimed directly from victims or earned by selling
knowledge, data, vulnerabilities and tools on the dark web.
This evolution should lead every CISO, with the
unconditional support of a board of
directors that is perfectly aware of the risk
even if it still wishes to understand how to help,
to rush a 360° hardening and best-practices
review of processes, assets and systems in
order to become too costly a target to pwn,
compromise or ransom. This goes together with overall
preparation of incident response plans,
proactive training and a monitoring strategy, to be
able to react appropriately in case of an incident.
“The increasing sophistication of cyber criminals coupled with
the rapid shift to digital technologies has emphasized
cybersecurity’s importance. Those factors will have a
knock-on effect on CISO role and impact as well
as the C-level view and understanding on
cybersecurity”
While the C-level now considers cybersecurity a
strategic priority, the CISO needs to evolve their
leadership to match this new interest within the
organization. That means ascending to a
forward-thinking, C-level attitude to lead and
orient strategy, investment and projects with a
clear, didactic, prioritized and well-argued
discourse on business challenges, threats
and potential impacts.
While this internal shift is important, the CISO can
also focus on creating or joining external circles
of trust to collaborate with peers. This creates value
by breaking the CISO’s isolation, leveraging knowledge
and threat awareness, and sharing or
benchmarking information, advice, tools,
methodologies and procedures in similar contexts.
It is already a trend with ISACs or similar
organizations (and is even used by cybercriminals).
Collaboration is probably the next
must-have to leverage the CISO’s existing weapons
and means.
All other aspects of cybersecurity strategy should
focus on helping IT deliver business-aligned,
secured and resilient services, which is
business as usual for a CISO and combines well-known
recipes (understand the business, hire
experts, use best practices, deploy security
tools, use external cybersecurity services and
consulting, be certified, analyse risks, define
controls, patch, audit…) to become
too hard a target to hit.
Are we appropriately skilled
to be top class CISOs?
“What the ancients called a clever
fighter is one who not only wins, but
excels in winning with ease.”
~ The Art of War by Sun Tzu
The cyber threat is no longer an illusion, nor is it
discussed as a hypothesis; it is a certainty. The
disaster is imposed on us every day, with
shocking publications: "data breach", "spear
phishing", "ransomware" and soothing crisis
declarations: "we are in control of the situation
and are investigating", "we have called in the
best experts", "the impact measurement shows
that the sinews of the company's war are not
affected", "no data has been affected".
The CISO is, within his or her company or
organization, THE point of reference for
cybersecurity. Charged with defining the right
strategies, implementing the right tactics and
directing operations to protect the company
or entity from cyber threats, the CISO has an
enormous responsibility that is extremely
difficult to assume in order to effectively
defend a perimeter that is by definition
porous, shifting and variable in geometry.
Most employ several means to achieve this:
recruiting experts (difficult), implementing
best practices (demanding), deploying
cybersecurity tools (expensive), setting up an
SOC or CERT (complex), using service
providers or consultants (helpful), obtaining
certifications (not sufficient), networking with
peers (useful) and sharing information,
successes and failures with trust circles
(ISACs).
None of these are bad, and a CISO who
succeeds in getting his entity to run plans
that include a complete and consistent set of
these means is probably a fairly good CISO.
It might require being a good performer in
many domains, including technical,
organizational, logistical and administrative.
We have all studied or been trained in those
domains. If that is not the case, this might be an
improvement point for all of us and a starting
point for people who wish to become a CISO.
The funny thing is: how does one define this
"complete and consistent set"?
Successful CISOs adopt all or part of the
following, or similar, steps:
▪ understand how they are a target, what is
the threat and how it could turn bad for
their company
▪ align cybersecurity strategy first with non-
IT priorities (business, compliance, legal,
risk...) and then with IT priorities
CISO and CSO for PwC France, Monaco & Maghreb, President at CIX-A / Cyber Intelligence X sectors Alliance,
Michel Cazenave, is passionate about cybersecurity. Pragmatic and exploring new avenues, Michel leads his
teams to protect people, property and business in line with PwC's goal: building trust in society and solving
important problems.
He has been involved for over 25 years in cyber security, security and crisis management in demanding and
complex environments such as the Ministry of the Armed Forces and the Ministry of Foreign and European
Affairs.
He represented France at the Council of the European Union in the CCIS preparatory body from 2008 to 2017 and
was laureate of the 01 Business & Technologies 2012 CISO Special Jury Prize in 2012.
A member of CESIN (www.cesin.fr) since its creation, he has also served since December 2019 as President of the
CIX-A / Cyber Intelligence X sectors Alliance (www.cix-a.net), an ISAC which aims to organize sharing and
operational, tactical and strategic collaboration between CISOs and their teams to improve the cybersecurity
ecosystem and help members and their supply chain to defend themselves collectively.
Michel CAZENAVE, France
From Delfos to Cybersecurity Facilitator
by Isabel María GÓMEZ
The user education model has been in force for more than 30 years but doesn’t seem to give the
expected results. The culture of security/privacy doesn’t end up permeating people, and despite the
millions invested in awareness we continue to see daily examples, ranging from large companies
to people not linked to work areas who show videos on social networks indicating how not
having a series of security measures in place has led to the loss of their account and part of
the digital identity related to the loss of the although in younger people with videos like those of
Instagram or TikTok.
It's time to look for new approaches, to be more effective and above all to adapt to new
technologies by knowing our way of learning. We begin this journey, then, in the ancient pronaos
of the temple of Apollo at Delfos, where it is inscribed "Know yourself" (gnothi seauton). A Greek
aphorism as simple as it is effective tells us that knowing how the human being memorizes new
information may hold the key. I invite the reader to go back for a moment to being a student and
carefully consider that, if we want our employees, third parties and families (a very important part
of this whole) to retain more information and be better prepared for security challenges, we
must not forget to know how to be better. Several well-known studies indicate that of everything
we listen to after 24 hours we will only retain 5%, of what we read we’ll only retain 10%, of the
graphics we look at 20%. From what we hear 30%, if we discuss it with others 50%, if we
practice and write it down, we’ll go up to 80% and if we show it to someone else we can reach
90-95%.
With this in mind, in 2022 I started a personal journey to find out which could be the best
method that would combine all of the above and that would also allow me to reach that desired
90%-95%, and I found it!
Becoming a facilitator and sharing awareness sessions. The results have allowed a greater
communication of possible widely known social engineering attacks, in addition to a significant
improvement in protection, including in the family environment. Becoming a facilitator allows us
to interact in a close, dynamic, bilateral and simple way, making knowing ourselves a new
paradigm of effectiveness in security awareness.
Isabel María GÓMEZ has long-tested experience in security and information technologies, and in the course of
her career has specialized in several areas related to security. Some of them are: Risk Management,
Cybersecurity, Continuity and Resilience IT, Privacy, Compliance and Digital Transformation. She also has a
widespread legal, regulatory, technical, and financial background that lets her manage and coordinate different
legal and technical areas efficiently. Previously, Isabel has had various executive roles reporting directly to the CEO in information
security in leading companies in their respective lines of business, such as Atento, SegurCaixa, Bankia, and
Medtronic.
Isabel María GÓMEZ, Spain
Cybersecurity is not a new skill set. It is an
important subset of overall enterprise and
personal security. Security is both common
sense, and a habit for successful individuals
and organizations. For example, remembering
to lock the doors and windows of your house
when you sleep or are heading out. It’s
common sense not to share your home keys with
a stranger. Or for that matter, when you buy a
new house, to change the locks for your own
security. And not a cheap lock either. Today,
people practice these security habits naturally.
And in social behaviour most people are careful
not to spread rumours, allegations or false
information when interacting with others in
business and personal settings.
However, these security and common sense
practices are not universally applied in
cyberspace. In cyberspace, people are much more
unconscious of security and safety
consequences. For example, they use an easy to
remember password such as “1234567” or
“password1”, that they write down on a Post-it
note and leave out in the open for all to see.
Or they share on Facebook, Instagram and other
social media outlets outrageous photos or
contestable opinions. It never occurs to many
people that information such as birthday,
mother’s maiden name, or their mobile number
constitutes PII (personally identifiable
information) that most banks routinely use to
authenticate you over the phone. A definite
security risk if this information falls into the
wrong hands.
While many people are unaware of the risks of
such behaviour, many companies are unaware
of the hidden cyber security risks inside their
organization.
The modern CISO understands these risks, yet
until recently, the role of the CISO has been
relegated to a subset of the technology function
and rarely has cyber security been part of the
business strategy or culture.
Simply put, cybersecurity professionals are
seen as outcasts by business line leaders, and
even the technology and risk functions.
In most organizations, the role of head of cyber
security has been filled with either former IT
professionals, or former military security
specialists. They are technical and security
experts, but not business experts. They see their
role as technical, whereas the real need is for
cyber security to become an important business
issue so that all employees feel accountable for
company and personal cyber safety. For the
modern CISO, security-by-design is a business
issue and a key part of how to keep the company
safe. However, when the CISO talks about
security-by-design and other important business
security issues, they are often seen as arrogant
and condescending. They are also branded as the
“Bad Guys” who must be the gatekeeper within
the company, to oversee security checks for all
IT projects. Which naturally means the cyber
security function will never win a popularity
contest and is often left out of important product
development planning until the very end.
For the CISO, as the defender of the crown
jewels of the business, one significant breach is
enough to warrant potential dismissal. In the
language of soccer, you can go from hero to zero
in just 1 min when cyber criminals manage to
‘score a goal against you’, while few give credit
for the fact that your cyber team rebuffed
multiple hack attempts for over 89 minutes.
Cyber security is definitely undervalued.
by Aloysius CHEANG
CISOs - Defenders Of The
Crown Jewels Of Your Business
Top Cyber News MAGAZINE - October 2022 - All Rights Reserved
But things are changing. Recently, due to the
large increase in cyber attacks globally,
cybersecurity is beginning to take centre
stage. And it comes as a key part of the new
era, the digital era. In the 4th industrial
revolution, we are seeing people talking and
accepting the notion of a “digital economy”
and the need to undergo a digital
transformation. This is so true under the
Covid-19 pandemic where if organisations do
not change the way they operate, they may
not survive.
Take for example shopping malls. Shopping
malls are finding it hard to survive with
restrictions on personal gatherings due to
Covid-19. On the other hand, e-commerce or
online malls such as Alibaba’s T-Mall or
Amazon have a thriving business model! Not
to mention the Deliveroos and Delivery Heroes
of the world that send food to your home as
restaurants are either ordered to close to
customers or operating at a capacity that is
not revenue viable.
As there is a quantum shift in business and
individual behaviour towards online
commerce, suddenly it dawned on many that
there will also be security and privacy
concerns online. For example, when using
online commerce sites, making sure that
personal and financial information are not
shared, leaked or stolen. People expect their
online experiences to be safe and secure. And
this is helped by the cloud revolution, where
for once it is very clear that IT today is
already a utility, just like electricity and water.
And just as you expect your electricity to be
green and water to be potable, people have
the expectation that cloud services are
secure.
True, it is still far from seeing the CISO taking
over the CEO position in any traditional
business. More recently however we are
beginning to see a few CISOs as part of a
company’s executive management team with
a direct reporting line to the CEO. Even more
frequently we are seeing companies valuing
and elevating cyber security and giving the
CISO more access to business leaders. Some
even appoint cybersecurity professionals onto
their board to better address cyber risk
issues. The implementation of GDPR in
Europe and the appointment of a Data
Protection Officer (DPO) has driven the
recruitment of professional CISOs to support
efforts to build security controls into privacy
policies and internal controls.
However, to be effective the modern CISO
must be able to communicate to the Board
and senior management in business
language, one that everyone can understand,
and not in terms of their firewall rules or
security penetration testing lingo. That is
the crux of building trust with the business
and the board.
We are in a new era today where cybercrime
is exploding. The modern CISO must become
not only the “cyber sheriff” bringing law
and order into the company’s cyberspace, but
also be an “Ambassador of Cyber Safety”
through an understanding and development of
the internal cyber security digital eco-system.
The modern CISO is the architect of an open
and transparent communication and
collaboration model that protects the
company, customers and employees.
“That new world order is now, and
cybersecurity is moving from the back-room
to the frontline and the boardroom.
Will business leaders grasp this opportunity
and make the best out of it?”
Aloysius Cheang, Huawei, UAE
Aloysius Cheang is the Chief Security Officer of Huawei UAE responsible for driving the company’s
cybersecurity vision of building a safe and secure intelligent connected digital world in the UAE and
Islamic nations globally. He is also a Board Director for US-based (ISC)2, as well as UK-based
cyber leadership think tank, the Centre for Strategic Cyberspace + International Studies (CSCIS).
In his career spanning over 20 years, Aloysius has extensive experience in delivering strategic,
complex, multi-year and multi-million-dollar technology and cyber programs for Global 500
organizations while managing large international, multi-cultural, multi-disciplinary teams in his
various assignments globally.
by Lydie NGO NOGOL
The Era of CISOs
In today's digital age, cybersecurity is no longer a luxury, it’s a necessity. The Chief Information
Security Officer has therefore become an important role in any organization that wishes to better
manage security risks.
Having a good CISO is vital to effectively succeed in cybersecurity. However, a good CISO doesn't
need to play a hero or be one! Good leadership is what's most needed in cybersecurity. A CISO
ought to embrace his role as a business and risk management leader rather than a cybersecurity
guru. Their aim should be to build a well-integrated security governance that supports critical
business decisions. As a leader, a good CISO should also be able to build, inspire values and
develop a strong team of cybersecurity warriors with core knowledge and principles.
Culture change is the backbone of the vision that a Cyber Security leader should bear by
determining how it should be introduced, driven and by whom. In so doing, the CISO should
develop and maintain critical relationships with all stakeholders and communicate at both senior
and operational levels. The challenge here is to understand the diversity and differences in key
stakeholders' skill sets and abilities, and to adopt a language that they can all understand. Coupled
with this, the chief strategy of the CISO should be centred around resilience. For example, while
conversing with the CFO, the CISO should translate cybersecurity problems into risk issues and
draw a direct link to the cost impact that these can have on the organisation. The same problems
can also be presented as elements or events that can slow down productivity and growth in a
digital organisation.
Being able to find the proper message for each type of stakeholder requires knowing your organisation,
your people, what motivates them, and how you can help them to achieve their objectives. Therefore,
the CISO should succeed in making sure that security effectively becomes everyone's responsibility in
the organisation. Consequently, it becomes clear that the idea of a CISO being a security guard who
blocks everything and slows down business is obsolete.
In my opinion, in a world where we are gradually dependent on technology, where systems are easily
hacked and yet people need a seamless work experience, a world where cybercriminals are constantly
shifting and improving their strategy, the CISO should be viewed as a leader that enables business to
run safely, timely, and productively.
Lydie Ngo Nogol is currently the Chief Information Security Officer (CISO) for PwC Sub-Saharan Francophone
Africa covering 10 countries. She is passionate about the topic of Cybersecurity and focuses her leadership on
culture change to bring more awareness around the benefits that good practice in this area brings to organisations.
She achieves this through an effective communication strategy that simplifies complex issues to bring clarity and
understanding about what Cybersecurity is and how to tackle it best. Lydie is also a hands-on leader with the
ability to promote and drive her teams to operational excellence.
Lydie was featured in the CISO Directory 2022 book, a guide to Africa’s leading cybersecurity decision making by
ITWeb organisation. One of her strongest aspirations is to pave a way that demystifies the perceived barriers
around becoming a CISO to encourage more young girls to follow in her footsteps and embrace this fascinating
and rewarding field of work.
Lydie NGO NOGOL, PwC, Cameroon
by Ludovic Lecomte
Cybersecurity
in the SaaS Industry
With the rise of the Software as a Service
(SaaS) business model and the explosion of
data externalization, companies have increased
their exposure to data leaks. By making an
investment in a "Security by design" project,
SaaS companies can stay one step ahead of the
competition, prevent the impacts of a
cyberattack for their customers, and save
money by not having to fix vulnerabilities later
in production. All SaaS companies should
demonstrate that cybersecurity is a key
component of their development processes and
that they are taking aggressive steps to
integrate security into their everyday
operations.
"Security is all about Trust."
Placing cybersecurity at the center of a SaaS
product delivers a confidence boost for
customers who adopt it and establishes trust in
the software and its capabilities to protect the
data. There are famous certifications like SOC 2
or ISO 27001 that go a long way in providing
customers with evidence that best practices
are applied and audited, but compliance is not
enough. We need to continuously improve
security by renewing risk assessments,
tracking new threats and monitoring security
solutions.
"We know the incident will happen, we just
don’t know when."
Security by Design is a concept that pushes
SaaS companies to build their software and
hosting platform around a secure foundational
principle. It is a proactive approach that aims to
avoid and limit the impact of a successful
cyberattack. This approach also means
minimizing the cyberthreat exposure surface
by identifying risk scenarios and implementing
organizational or technical security controls.
To do so, my strategy at Inova was to follow
these steps:
• Conduct a cyberthreat modelling exercise.
• Formalize and share a Secure Software
Development Lifecycle Policy.
• Train Security Champions who are the eyes
of security at all steps of the DevOps
process.
• Finally, integrate security tools into the
DevOps pipeline to automate vulnerability and
cyberthreat detection.
"Do remember to protect your Forgery!"
Unfortunately, a lot of SaaS companies are
forgetting to protect their business. From my
experience, being too focused on protecting
the product is a mistake, because some threats
directly target your development framework or
environment. That's why it is important, in
addition to training people on cybersecurity, to
evaluate risks on the internal Information
System of the company.
The latest cybersecurity news confirms this.
SaaS companies are being directly attacked
from their internal Information System through
social engineering or malicious code directly
injected in the development framework.
Finally, cybersecurity is more about people.
Organization and training are the best
investments a SaaS company can make to
begin its security by design project. Particularly
when it is not that complicated to find magic
tools that automate security scans and provide
alerts on vulnerabilities.
At the end of the day, you still need people
able to react quickly. Therefore… can we
say/think that Cybersecurity is an infinite
human loop?
Ludovic Lecomte began his role as CISO at Inova in February 2022.
After spending 10 years in Cybersecurity consulting and audit roles, Ludovic built a certified Information Security
Management System from scratch for Inova. Ludovic leveraged his communication skills, risk engineering and
passion for new technologies to take cybersecurity to the next level.
In addition to adopting a rigorous risk-based approach to cybersecurity, he is committed to building a digital trust
space for both customers and internal users. Ludovic is always ready to share his expertise with the broader CISO
community and with students training to be future Cybersecurity engineers at a French university.
Ludovic Lecomte, Inova, France
by Christiane Wuillamie OBE, FIRL
Why Is Cyber Security
So Difficult?
Cybercrime is a significant business risk, and every industry is under relentless attack from
cybercriminal gangs and nation state cyber armies. Yet Boards and the CISO are struggling to build
cyber secure organizations.
All Boards are concerned about potential cyberattacks, and CISOs work hard to provide adequate
technology solutions and cyber risk oversight. So why is effective cyber security so difficult?
We believe there are two fundamental issues that undermine an effective cyber security posture.
The first is the erroneous belief that cyber security is mainly a technology issue. Cyber security is
really a business issue that can damage a company's business performance, market value and brand
reputation. A large majority of successful cyber breaches involve human error, and weak business
processes are easily exploitable by cyber criminals. Effective cyber security is a combination of
aware and well-trained employees, effective end-to-end work processes, and up to date technology
applications.
The second issue that undermines cyber security is that most companies operate in functional
silos, focusing most of their time and resources on functional business objectives and not overall
enterprise issues. Few business leaders understand their function’s contribution to Cyber
Resilience and overly rely on technology and the CISO for protection. One of the reasons cyber
criminals are so successful is that they go after the weakest links, which are often people and
processes in non-technical functions.
Taking an Enterprise View
A company’s cyber security posture impacts business results, positively or negatively. Building a strong
cyber security culture requires every function to be aligned and joined up and for the Board to take an
enterprise view of cyber security.
When the Board adopts an enterprise view of cyber security as a business risk, they begin to demand
oversight in all three areas – people, processes, and technology. In addition, when the CISO steps out
of a purely technology role and into the role of Enterprise Cyber Security Officer, it is possible to
engage all business functions on mitigating cyber related business risks.
The Board can improve cyber security by mandating that all functions have the shared objective of
cyber security and use internal company data to measure how each function is strengthening its
cyber security posture. An enterprise-wide cyber security posture is an effective weapon against the
growing tsunami of cyber-attacks. The modern CISO must step up and step in to educate and partner
with the Board and business leaders for better cyber security oversight and risk mitigation strategies.
Christiane Wuillamie OBE, UK
Christiane Wuillamie OBE has done every job in Technology from coding, to being CIO in Financial
Services. She built and operationalised a strong, high-performance culture in every role. Christiane
leverages technology to solve business challenges through developing people and implementing
joined-up processes that deliver competitive advantage.
In the fast-changing cyber world, Christiane believes that only a strong culture of collaboration,
transparency and responsible leadership can deliver safety and security for all. Christiane is the co-
founder of a technology firm, PYXIS Culture Technologies that is quantifying the linkage between
corporate culture, leadership and business results and helping senior leaders understand how
culture impacts cyber security.
by Emilio IASIELLO
CISOs Need Strategic Thinking
to Be Effective
The Chief Information Security Officer, or CISO,
is fast-becoming one of the more difficult C-
Suite positions to fill. The CISO role has been
plagued with turnover, the average tenure
lasting anywhere from 18 to 26 months. This
doesn’t come as a surprise as the CISO is
inundated with an array of challenges that
include a nonstop barrage of diverse cyber
threats seeking to exploit the enterprise he
watches over, internal competition to secure
budgetary resources to aid in his defense
efforts, lack of authority to instil necessary
change, and convincing the larger C-Suite as to
why certain security measures are needed
regardless of their cost. Indeed, in many ways,
the modern-day CISO is the cybersecurity
equivalent of Sisyphus struggling to protect the
network enterprise only to see another incident
set him back on progress.
Therefore, it is unsurprising that CISOs suffer
from an incredible amount of stress due to
their critical role of minimizing their
organizations’ cyber risks. Hiring talent,
researching new industry updates and trends,
tracking security metrics, developing policies
and plans, and managing information systems
are overwhelming responsibilities that can take
their toll. A 2020 CISO study found that 88% of
those surveyed were tremendously stressed, a
minor decrease from the 91% reporting that
same affliction in 2019. Most of these
individuals believed that they and their teams
were expected to work longer hours than any
other department in their respective
organizations. Findings revealed that the
consequences of working considerable
amounts of overtime, poor work-life
balances, and 24x7 security concerns
contributed significantly to their poor
physical, mental, and emotional well-being.
Due to their multifaceted security
responsibilities, there is a tendency for CISOs
to try to do everything at once, as the dynamic
cyber threat landscape brings change at a pace
faster than most organizations can address.
This unique set of challenges makes the CISO
role part security expert, part security
prognosticator, requiring the individual to find
balance in managing today’s risks with an eye
toward the future. With these seemingly
contradictory goals in mind, strategic thinking
may be the best asset for CISOs in today’s
environment, as it is essential for planning,
resourcing, and creating new ideas that spur
new opportunities. However, in order to
accomplish these goals, the CISO must work
with the budgetary, personnel, and material
resources at hand to build the organization’s
cyber resilience. This is where strategic
thinking becomes paramount because it helps
the CISO implement security operations with a
“doing more with less” philosophy many
organizations must adopt.
By embracing strategic thinking, CISOs will lay
the cornerstone of their organization’s
cybersecurity posture through preparation. This
is essential in helping the CISO organize and
prioritize the myriad of security needs that
must be addressed. Whether it’s the threat
landscape or changes within the organizations,
the CISO’s greatest strength is the ability to
anticipate and adapt to evolving conditions.
This requires knowledge and understanding of
existing and emerging threats, as well as the
direction the organization is going. CISOs want
to have advanced warning to be proactive and
not be caught reacting to situations.
Strategic thinking will empower the CISO to
interpret challenges in ways that provide
insightful solutions to them.
By being able to interpret challenges, creative thinkers will search out multiple and where possible
unique data sources to digest and synthesize, and better inform their decision-making calculus.
Finding unorthodox but tenable solutions is the result of an inquisitive but open mind and a
willingness to learn. All of these feed into a comprehensive strategic thinking process.
By implementing strategic thinking, the CISO is better able to align these solutions with the
challenges in his or her portfolio. Having solutions that do not fit into the organization’s needs
when the organization needs them is poor preparation. Solutions must align to not only the
problems but also the prioritized requirements. This is why CISOs must be in constant
communication with the rest of the C-Suite, ensuring that the work is in concert with other
stakeholders and consistent with the vision held by the other chief executives. Getting buy-in and
making sure initiatives are in line with the C-Suite will help garner budgetary and professional
support, and by extension, commitment from the top brass.
The effective CISO will balance strategy with execution and ensure that any initiatives
coincide with other projects that may overlap or at least intersect with them.
Because the bottom line is that CISOs must marry what the organization needs with what a CISO
can give. This demonstrates leadership, responsiveness to key needs, and the ability to deliver, all
hallmarks of a successful plan for a focused and resilient cybersecurity program. Quick wins pave
the road for larger gains, and while not everything goes to plan, having a pre-planned roadmap will
help CISOs navigate unexpected obstacles, and recalibrate without suffering substantial setbacks.
Emilio IASIELLO, USA
20+ years’ experience as a
strategic cyber intelligence
analyst, supporting US
government civilian and military
intelligence organizations, as well
as the private sector. He has
delivered cyber threat
presentations to domestic and
international audiences and has
published extensively in such
peer-reviewed journals as
Parameters, Journal of Strategic
Security, the Georgetown Journal
of International Affairs, and the
Cyber Defense Review, among
others. All comments and opinions
expressed are solely his own.
by Craig Ford
Hard As Nails
Battle-Hardened Soldiers
The CISOs
You would have to be crazy to want this job?
What is a CISO? Leader of your organization's cyber security team. A CISO is someone who can
stand in a pot of boiling water, juggling fire sticks, dodging attacks from known and unknown
opponents, from all different directions, while still negotiating budget reversals to claw back funds
that were previously taken off the team because many organizations still don’t see a huge return on
investment from investing in security.
CISOs don’t all look the same, some wear suits, some wear jeans and polo shirts, some boys and
some girls but essentially speaking deep down they are hard as nails, battle-hardened soldiers of
the cyber security fight that many don’t even know to exist.
I know I am being dramatic, I’m using a bit of Hollywood flair here, but you must understand the
strength and perseverance of these leaders who do a job every day, that is hard.
I mean really hard.
The average career tenure for a CISO is seven years. Yes, that’s right 7 years. Let us think about
this for a moment, you have worked hard for 20 years in the trenches, really fighting your way
through the garbage, and you have spent $50K or more on qualifications so that you can have your
seat at the table to then be lucky if you can survive in that job, the coveted CISO position for maybe
5-7 years before you burn out or just say screw it, I’m out.
That’s a huge issue, we need to support these heroes more, and help them do what they need to do.
Stop cutting budgets because you can’t see the return on investments, the reason you are not seeing a
return on your investment is that the team is doing what they are supposed to be doing, protecting
your organization, sheltering you through the storm. The more you cut from the team, the more
corners that will be cut in your security, and the more chances of you and your organization being on
the morning news and not in a good way.
So, stand tall as CISOs, let's walk through the burning coals together and let’s start to beat back that
avalanche of attacks. Let’s start to turn the tide of this cyber war on the malicious actors, and show
them that we will not fold under the pressure.
Make smart choices, invest our time and money into problems we can solve, don’t waste precious
resources on flashy new blinky lights, get the basics right and we can all celebrate at the end of our
seven-year reigns. We have survived with minimal scares.
We got this.
Craig Ford is a wizard of the dark arts, a conjurer of the cyber world, he delves into ethical hacking,
security engineering and user awareness. He is not one of those hackers who hides in the dark,
hunched over his keyboard wearing gloves just doing his thing. No, Craig stands tall in the light, no
hoodies here (Unless it's really cold then he might just buckle on that stance).
He is a wielder of words, with works talking about all things cyber for Top Cyber News Magazine,
CSO Online, Women in Security magazine, AISA Cyber Australia and Cyber Today magazines and so
many more we don’t have the space to mention. He has written some books (A Hacker I Am Series)
that will pull you down the cyber security rabbit hole and leave you wanting so much more. He has
a new hacker novel, Foresight (Shadow and Vulcan to follow in 2023).
Unlike many hackers, he isn’t too hard to find, look him up, and you will not need to search long.
When you do find him, you can find all the usual acronyms and whatnot.
He is a defender of cyberspace, here to stand with you on the war that is coming between good
(your friendly neighbourhood hacker, cyber professionals and whatnot) and evil (Malicious actors,
cyber thugs, criminals). What side are you on?
Craig Ford, Australia
Insights and great moments from
the Inaugural Global
Cybersecurity Conference 2022
in Zurich, Switzerland
by Dr. Vivian Lyon, DIT, MBA, CRISC, CISM, CISA, CEH, PMP, CCSK, ITILv4
CISOs’ Emotional Intelligence
in Remote Working Era
Applying emotional intelligence to the remote
working environment increases employee
success, retention, satisfaction, and
productivity. Emotional Intelligence from a
CISO’s lens might positively and significantly
impact the remote working experience.
What is Emotional Intelligence?
From a cyber, technology, and business leader
standpoint, emotional intelligence is the ability
to discern your and others' emotions precisely;
to understand the cues that emotions convey
about relationships; and manage your own and
others' emotions. CISOs should measure four
distinct areas of competency related to
emotional intelligence: self-awareness, self-
management, social awareness, and
relationship management.
Emotional self-awareness is the ability to
notice and label one's feelings, emotions, or
reactions and connect them to the source of
the emotions, feelings, or reactions. Identifying,
understanding, and assessing how one's
emotions, feelings, or reactions impact oneself
and others is a valuable insight that can
improve relationships and experiences. CISOs
that have a strong self-awareness: know what,
when, and why they feel the way they do and
how their emotions impact what they say and
do. CISOs struggling with self-awareness may
experience: difficulty understanding their
emotions, get upset quickly/easily, and have a
hard time with work-life balance. Emotional
self-awareness development strategies that
CISOs may adopt include: taking an emotional
intelligence assessment to gather a baseline,
regularly checking how you are feeling and
why, making time for self-reflection, practicing
healthy self-talk, and seeking and acting upon
feedback.
Behavioral self-management is the ability to
control one's emotions. CISOs with solid self-
management skills show: level-headedness,
positivity, and focus when faced with hostility
or conflict. CISOs struggling with self-
management may: react impulsively, be
defensive, are quick to judge, and inadequately
resolve problems. Self-management
development strategies that CISOs may adopt
include: keeping a journal that identifies
emotions and triggers and may be used to craft
composure, focus, and productive situational
plans.
Social awareness, also known as the
awareness of others' emotions and feelings, is
the ability to sense what others are feeling
(empathy), sense and understand their
perspectives within the scope of the situation
or organization (organizational awareness), and
anticipate their needs (service orientation).
CISOs could take an active interest in learning
and understanding how others feel or their
thoughts about a particular situation. CISOs
with strong social awareness demonstrate:
active listening and observing what is felt, i.e.,
empathy to illustrate understanding of others'
feelings and perspectives and working to reach
a resolution based on specific needs. CISOs
that struggle with social awareness may
experience difficulty understanding the needs
of others, being selective instead of actively
listening, acting without thinking about others'
feelings or perspectives, having challenges
sensing what others may be feeling, and may
be uncaring. Social awareness development
strategies that CISOs may adopt include:
practicing empathy, active listening, and
communicating with others to develop
situational, organizational, and service
orientation awareness.
Relationship management refers to the ability
to combine self and social awareness into
conductive and rewarding outcomes. CISOs
with solid relationship management
demonstrate the ability to sense the
development needs of others, inspire others,
positively influence others, mitigate conflict,
and build teams by working with others toward
a shared goal. Communication is at the heart of
relationship management and the ability to
listen deeply and openly, including sending
clear, credible, and convincing messages that
provide context, understanding, and direction.
CISOs with solid relationship management
skills may demonstrate: context-driven
communications within the scope of how
individuals may perceive or react, actively
listen, promote transparent communication, are
open to feedback or different perspectives
without becoming defensive, and communicate
in a logical, organized, and straightforward
manner. CISOs that struggle with relationship
management may experience: the inability to
listen, interrupt, fail to ask for other opinions or
are not open to feedback, lack of consideration
of others, inconsiderate to different
perspectives or feelings, impulsive
communications, and unapproachable.
Relationship management development
strategies that CISOs may adopt include:
reflecting upon coaching, influencing,
persuading, inspirational leadership, and
conflict management practices that may help to
develop trust and improve communications,
relationships (individuals, teams, etc.), and
performance.
Where does emotional intelligence appear in
the remote working environment?
In a nutshell, everywhere. Remote workers
experience emotions from interacting with
colleagues, clients, and managers in the
remote work environment. The emotional
reactions to the interactions impact attitudes,
behaviors, and experiences.
These three critical needs, autonomy,
competence, and relatedness, are crucial in
how CISOs lead toward an optimal emotional
intelligence experience in the remote working
environment. Neuroscience research reveals
that if we humans start, persist, and put in the
mental effort on anything, including working,
the brain will change and adapt regardless of
whether the human “likes” the working
environment or not. Compare the effort of the
remote working environment for the brain to
exercise for the body. Some humans may not
like working out 30 minutes a day, yet if they
start, persist, and put in the effort, their
muscles and health will improve and change
immediately. CISOs and remote workers can
adapt to the remote working environment while
promoting optimal emotional intelligence.
CISOs can help motivate remote workers and
develop in-depth emotional skills through their
experiences. CISOs must promote value, self-
efficacy, and attribution and avoid negative
emotional states.
Valuing - If workers value the remote working
experience or identify their "why," they are far
more likely to start, persist, and put in the
mental effort. CISOs must engage remote
workers in considering "what's in it for them";
identifying what they value will increase
their persistence and, ultimately, their
competence and productivity.
Self-efficacy - This element relates to the need
for competence. If remote workers believe they
cannot accomplish something, regardless of
their value, they may not start, persist, or put
in the mental effort. CISOs must emphasize
that workers can achieve their tasks in a timely
manner through good-natured and emotionally
intelligent support.
Dr. Vivian Lyon is a highly experienced, passionate Cybersecurity, Technology, and Cloud leader. She is
currently the CIO & CISO of Plaza Dynamics and a Cybersecurity and Computer Science Professor. Dr.
Lyon holds a Doctor of Information Technology (DIT) degree with a concentration in Cybersecurity,
Master of Business Administration (MBA), Certified in Risk and Information Systems Control™
(CRISC®), Certified Information Security Manager® (CISM®), Certified Information Systems Auditor®
(CISA®), Certified Ethical Hacker (CEH), Certified Cloud Security Knowledge® (CCSK), CompTIA
Security+, ITILv4® (ITILv4), Certified Identity Governance Expert (CIGE®), Certified Metaverse Security
Consultant (CMSC®), NFT Certification, Project Management Professional (PMP®), PMI Agile Certified
Practitioner (PMP-ACP®), Certified Scrum Master (CSM®), Certified Scrum Product Owner (CSPO®),
Certified DevOps Generalist™, AWS Certified Solutions Architect Associate (AWS CSAA), AWS Certified
Cloud Practitioner (AWS CCP), and more.
Dr. Lyon mentors girls and women in STEM fields. She is an active member of Forbes Technology
Council, Women in Technology (WIT), Executive Women's Forum (EWF), National Society of Leadership
& Success (NSLS), Cybersecurity Advisory Boards, RSA Fellow, and more.
Dr. Vivian Lyon, USA
TOP CYBER NEWS MAGAZINE
Human Centered Communication Of Technology, Innovation, and Cybersecurity
AN AWARD-WINNING DIGITAL MAGAZINE ABOUT PEOPLE, BY PEOPLE, FOR PEOPLE
Editor-In-Chief: Ludmila Morozova-Buss, Doctoral Student at Capitol Technology University
«Thank you for making us all a true global Cyber Community! Our
Cyber Community, as exemplified in Top Cyber News MAGAZINE is
the ENVY of all other industries! We celebrate each other, and do so
across continents and language barriers. Today we celebrate Top
Cyber News MAGAZINE, Ludmila Morozova-Buss!»
Dr. Diane M Janosek, JD, CISSP, LPEC, Deputy Director of Compliance at
National Security Agency, USA
«Ludmila Morozova-Buss - you are one of the best cyber integrators -
how magically you have weaved the fabric of wonderful cyber warriors
all across the globe 🌎. Your work will find a place in our Cyber
history for generations to come.»
Prabir SAHA, Founder & CEO at Transformationplus Pty Limited, Australia
«Top Cyber News MAGAZINE continues to highlight those leaders of
cybersecurity that others may not know and at the same time inspiring
many others to become our future leaders in a cyber career that is so
desperately in need of additional employees»
Dr. Bradford SIMS, FRAeS, President at Capitol Technology University, USA
«For a while I have been working with Top Cyber News MAGAZINE, a
sharp editorial team that managed to build a community of
cybersecurity professionals from various domains. Great work!»
Margo KONIUSZEWSKI, President at The Bridge Foundation, Switzerland &
Poland
«The Cyber Security professionals that the magazine celebrates are all
of the Heroes whose Time + Talent + Treasure were brought to bear
to bridge the divide between the future-history and today.»
Stewart A SKOMRA, Principal, SocioTechonomic LLC, USA