Here’s What You Missed at the Transformational CISO Assembly

By Josie Witaschek, August 20, 2021

This week, cybersecurity’s leading CISOs, academics, and thought leaders came together for our Transformational CISO Virtual Assembly to discuss digital transformation and security’s evolving threat landscape. In case you were unable to join us, check out our event highlights below!

Opening Keynote Address

Day one kicked off with an opening keynote on CISO best practices. Some of the key points discussed were:

  • When things go awry: Admitting something bad happened takes professional courage. Thoroughly describe why it happened, and work on cultivating a relationship of trust with your board members.
  • To pay or not to pay? The answer to that question depends on the impact the attack has on the business, its reputation, and the risk of data loss. It’s crucial that you deeply understand how ransomware works.
  • How can you 100% protect yourself? In short, you can’t. You can mitigate risks by hardening your systems and knowing your endpoints, but 100% protection just isn’t realistic.
  • Relationships and trust go a long way: Building relationships with your industry peers is a crucial aspect of leadership, and it can preclude a “bad day” in cyber. Connections give you the valuable knowledge of better understanding your industry’s evolving threat landscape (hint hint… our next Transformational CISO Virtual Assembly is the perfect opportunity to build these relationships!).
  • Cyber’s future relies on growing the candidate pool: It all starts with the younger generation, and investing in STEM education for K-12 is crucial. But what can we do today? Security leaders should become more flexible with their job requirements, and perhaps tap into non-traditional sources for recruitment.

Workshop Discussions

On Zero Trust Implementation: For some, Zero Trust can mean starting AT zero. Mike Novak, CISO and VP of IT Security at HardRock Seminole, noted, “It’s a marathon to get there.” But where can we start? Novak shared that a great way to jumpstart implementation is with your identity and access management. It’s important to audit who has access to what, understand who is coming and going, and to thoroughly segment your network. Having “too many cooks in the kitchen” can often be the demise of a security framework, and it’s important not to become overwhelmed with the “shiny, new technology” that is constantly being released. A key security measure is to implement MFA (multi-factor authentication) and SSO (single sign-on), as Zero Trust does not work well with shared accounts. When it comes to passwords, Novak recommends that, as tedious as it may sound, they should be changed every 60 days.

Mike closed out his session with these points:

  • Invest in cyber posture instead of potentially paying out a ransom one day.
  • Gather peer and executive support, as it will always serve you well in the long run.

If you are interested in implementing a Zero Trust framework in your business, Mike references Forrester’s guide as a good resource to rely on when starting this journey.

Improving Board Communication: Troy Wilkinson, Global Director of Cybersecurity Operations at Interpublic Group, shares, “To accomplish security, we need to get our financial stakeholders on our team, and in order to do that, we must learn how to communicate with them effectively.” Wilkinson understands that being able to translate technical information for your board is one of the most challenging, yet crucial, aspects of the CISO role.

He shared these tips on building a strong relationship with your board:

  • Create a two-way dialogue with board members, and foster an environment of trust.
  • Ensure that your message reaches members with technical AND non-technical backgrounds.
  • Always illustrate how you are reducing risk in a monetary sense.

The Difference Between Compliance & Readiness: Alvin Plater, CISO at the Department of Navy, described compliance as “meeting various controls to protect the confidentiality, integrity, and availability of your data,” whereas readiness is the “ability to securely deliver business information to the right hands at the right time.” Plater weighed in that cybersecurity leaders must invest in Zero Trust principles and make cybersecurity a priority within their organizations. At the core, cybersecurity is a commitment to readiness for reducing the likelihood and severity of an attack, which consists of two critical elements: cyber intelligence and cybersecurity strategic alignment.

CISO Keynote Panel

“2021’s New Normal: Adapting in the Face of Evolving Workforce Conditions”

Eric Johnson, Dean at Vanderbilt University Owen Graduate School of Management, led our Day 2 panel discussion on how CISOs are adapting to the new workforce in 2021. Panelists included Sujeet Bambawale from 7-Eleven, Stephen Davis from Revlon, Gary Eppinger from CSX, and Elizabeth Ogunti from JBT Corporation. The group shared their experiences and insights on hiring processes, response plans, third-party security, and awareness education.

Some key takeaways:

  • Rank your vendors by risk factors and implement testing and validation techniques.
  • Start treating the risk of your vendors the same as the risk in your own organization.
  • Instead of having response plans focused solely on IT, develop plans that go wider into internal business.
  • Visibility is key: understand where your data is and the impact it has on your business.
  • Educate your organization’s customers on your security measures. Give them a platform to ask questions about what you’re doing to keep their data safe, and manage expectations for both security and privacy.
  • Covid-19 has inspired collective intelligence, which means you should share with the community what behaviors you’re flagging. Holding back this information is not going to help you or anyone else; cybersecurity leaders are all fighting a common enemy.
  • Hiring from the industry is inorganic, whereas supporting development for in-house talent is organic. We should assess for actual interest and follow the talent instead of staying within confined perimeters.

Check out what is new with our Solution Providers

AT&T Cybersecurity    |    BeyondTrust    |     Fortinet    |     Qualys

Until Next Time…

Don’t miss out on the next Transformational CISO Assembly. Go here to request an invite for the November 9-10 Assembly!
