I recently had the opportunity to listen to the concerns and challenges facing Chief Information Security Officers (CISOs) at the Millennium Alliance’s outstanding Private Sector CISO & CIO Assembly in Dallas. The participants ranged from CISOs working in regional companies to multinationals and in industries from finance to retail to healthcare.
Our roundtable discussions focused on two areas: (1) leadership in a working environment that encourages innovation while meeting the growing demands of staying ahead of cyber threats, and (2) the use of threat information in high-demand cyber operational environments.
There are never “one size fits all” solutions to these issues, but having the opportunity to listen to CISOs discuss their best practices, and their successful and unsuccessful approaches, in the open environment provided by the Millennium Alliance was helpful for all of us.
* Leadership: It was clear that the participants had thought about how to balance the need to “get the job done” with ensuring that skills grow and giving opportunities for innovation. There is no question that being allowed to do a little out-of-the-box thinking builds enthusiasm, and some of our participants actually institutionalized this, allowing for work on new strategies and technologies on a regular basis. This is a kind of “break” from playing cyber defense in an increasingly demanding environment.
Another phenomenon is keeping momentum going, especially after a serious incident, breach or intrusion. There’s a certain adrenalin that flows through the IT security workforce as they seek to defeat intruders or as they try to prevent damage. How do leaders prevent burnout but keep that enthusiasm and focus going? Engaged leadership seems to be the key, according to our participants. Morale-building activities, recognition of outstanding efforts and focusing on potential future challenges were among the practices successful leaders utilized. It was noted that working through a crisis together actually helped the team instead of burning it out. The perception of how the CISO “ranks” within the company is also a factor: if it’s clear that cyber security is a priority to the C-Suite and to the Board of Directors, this supports the importance of the mission. This “sense of mission” is an intangible with significant impact on the ability to retain and attract team members with the right skills and work ethic.
* Threat Intelligence – More Is Less? There is a growing market of cyber threat intelligence providers, many of whom can … What can an incisive threat intelligence effort bring to data and network protection? It depends, according to our CISOs; time is a very valuable commodity to the entire cybersecurity protection effort. There simply is not enough time to assimilate large volumes of threat intelligence and apply it to the enterprise. Even at large companies with larger staffs, there is a requirement for not just any intelligence information, but “actionable” intelligence. Simply put, cyber threat intelligence has to fill a strategic need, helping the CISO anticipate threats and build a resilient defense. To paraphrase some of our participants: “tell me how I can apply it now to my systems”. In some cases, CISOs admitted that unless the threat intelligence can be applied to automated systems, they can’t spend much time on it. Needing to balance the tactical versus the strategic is not limited to the cybersecurity industry, but practices that have succeeded in other threat environments can help inform a coherent threat intelligence service.
One of the valuable outcomes of our roundtable sessions was the opportunity to hear what threats occupy the majority of the CISO’s time and how they can minimize the impact of threats through information sharing fostered by networks such as the Information Sharing and Analysis Centers (ISACs) for various industries (such as the financial and health care industries). Even in those cases, we realized that there is still a need to drill deeper and separate “the noise from the signal”. This is where cyber intelligence services and products can really aid the practitioner and produce measurable benefits.
I work in both private industry and academic environments and am a veteran of the government and intelligence sector. I left the Private Sector CISO & CIO Assembly with a great sense of “what really keeps CISOs up at night”; being able to apply our experiences and knowledge in a supportive and open environment was truly invaluable.
About The Millennium Alliance
The Millennium Alliance is a leading technology, business, and educational advisory firm. Focusing primarily on areas such as business transformation, executive education, growth, policy, and needs analysis, Millennium is quickly becoming one of the most dynamic venues for collaboration across the world.