Here’s What You Missed at the Transformational CISO Assembly

  • By Josie Witaschek
  • on August 20, 2021

This week, cybersecurity’s leading CISOs, academics, and thought leaders came together for our Transformational CISO Virtual Assembly to discuss digital transformation and security’s evolving threat landscape. In case you were unable to join us, check out our event highlights below!

Opening Keynote Address

Day one kicked off with an opening keynote on CISO best practices. Some of the key points discussed were:

    • When things go awry: Admitting something bad happened takes professional courage. Thoroughly describe why it happened, and work on cultivating a relationship of trust with your board members.
    • To pay or not to pay? The answer to that question depends on the impact the attack has on the business, its reputation, and the risk of data loss. It’s crucial that you deeply understand how ransomware works.
    • How can you 100% protect yourself? In short, you can’t. You can mitigate risks by hardening your systems and knowing your endpoints, but 100% protection just isn’t realistic.
    • Relationships and trust go a long way: Building relationships with your industry peers is a crucial aspect of leadership, and it can preclude a “bad day” in cyber. Connections give you the valuable knowledge of better understanding your industry’s evolving threat landscape (hint hint…our next Transformational CISO Virtual Assembly is the perfect opportunity to build these relationships!)
    • Cyber’s future relies on growing the candidate pool: It all starts with the younger generation, and investing in STEM education for K-12 is crucial. But what can we do today? Security leaders should become more flexible with their job requirements, and perhaps tap into non-traditional sources for recruitment.

Workshop Discussions

On Zero trust Implementation: For some, Zero trust can mean starting AT zero. Mike Novak, CISO and VP of IT Security at HardRock Seminole, noted, “It’s a marathon to get there.” But where can we start? Novak shared that a great way to jumpstart implementation is with your identity access management. It’s important to audit who has access to what, understand who is coming and going, and thoroughly segment your network. Having “too many cooks in the kitchen” can often be the demise of a security framework, and it’s important not to become overwhelmed by the “shiny, new technology” that is constantly being released. A key security measure is to implement MFA (multi-factor authentication) and SSO (single sign-on), as Zero trust does not work well with shared accounts. When it comes to passwords, Novak recommends that, as tedious as it may sound, they should be changed every 60 days.

Mike closed out his session with these points: 

  • Invest in cyber posture instead of potentially paying out a ransom one day.
  • Gather peer and executive support, as it will always serve you well in the long run.

If you are interested in implementing a Zero-trust framework into your business, Mike references Forrester’s guide as a good resource to rely on when starting this journey.

Improving Board Communication: Troy Wilkinson, Global Director of Cybersecurity Operations at Interpublic Group, shares, “To accomplish security, we need to get our financial stakeholders on our team, and in order to do that, we must learn how to communicate with them effectively.” Wilkinson understands that being able to translate technical information for your board is one of the most challenging, yet crucial, aspects of the CISO role.

He shared these tips on building a strong relationship with your board:

  • Create a two-way dialogue with board members, and foster an environment of trust.
  • Ensure that your message reaches members with technical AND non-technical backgrounds.
  • Always illustrate how you are reducing risk in a monetary sense.

The Difference Between Compliance & Readiness: Alvin Plater, CISO at the Department of Navy, described compliance as “meeting various controls to protect the confidentiality, integrity, and availability of your data,” whereas readiness is the “ability to securely deliver business information to the right hands at the right time.” Plater weighed in that cybersecurity leaders must invest in Zero-trust principles and make cybersecurity a priority within their organizations. At the core, cybersecurity is a commitment to readiness for reducing the likelihood and severity of an attack, which consists of two critical elements: cyber intelligence and cybersecurity strategic alignment.

CISO Keynote Panel 

“2021’s New Normal: Adapting in the Face of Evolving Workforce Conditions”

Eric Johnson, Dean at Vanderbilt University Owen Graduate School of Management, led our Day 2 panel discussion on how CISOs are adapting to the new workforce in 2021. Panelists included Sujeet Bambawale from 7-Eleven, Stephen Davis from Revlon, Gary Eppinger from CSX, and Elizabeth Ogunti from JBT Corporation. The group shared their experiences and insights on hiring processes, response plans, third-party security, and awareness education.

Some key takeaways:

  • Rank your vendors by risk factors and implement testing and validation techniques.
  • Start treating the risk of your vendors the same as the risk in your own organization.
  • Instead of having response plans focused solely on IT, develop plans that go wider into internal business.
  • Visibility is key: understand where your data is and the impact it has on your business.
  • Educate your organization’s customers on your security measures. Give them a platform to ask questions about what you’re doing to keep their data safe, and manage expectations for both security and privacy.
  • Covid-19 has inspired collective intelligence, which means you should share with the community what behaviors you’re flagging. Holding back this information is not going to help you or anyone else – cybersecurity leaders are all fighting a common enemy. 
  • Hiring from the industry is inorganic, whereas supporting development for in-house talent is organic. We should assess for actual interest and follow the talent instead of staying within confined perimeters. 

Check out what is new with our Solution Providers

AT&T Cybersecurity    |    BeyondTrust    |     Fortinet    |     Qualys

Until Next Time…

Don’t miss out on the next Transformational CISO Assembly. Go here to request an invite for the November 9-10 Assembly!
