Cybersecurity

The Business Value of Cybersecurity by Jean-Christophe Gaillard

Cybersecurity is rising as a key issue on the radar of virtually all organisations. According to a recent AT Kearney report, cyber-attacks have been topping executives’ lists of business risks for three straight years. This concern is also driven by security and privacy becoming increasingly valued by customers, and by regulators stepping into the topic (GDPR in Europe, California Consumer Privacy Act of 2018).

Three factors marginalising the historical role of the CISO by Jean-Christophe Gaillard

The last SASIG meeting in London on 8th May 2018 examined the role and career of the CISO. It is hard to walk out of an event like this one not feeling that a number of things are seriously going round in circle in the security industry.

GDPR: Where are we now? And what happens next? by Jean-Christophe Gaillard

So … May 25th came and went, quickly followed by the football world cup and a heatwave which wrecked most of Europe and many other parts of the world …

Around GDPR, bureaucracy claimed birthrights over the act and things went back to normal: Snake oil vendors packed their stalls and alleged experts headed for the beach … The anti-climax was predictable, and we are still going through that phase where all players are expecting regulators to set their first fines and wondering “where the big one is going to come from”.

The Shifting Debate around Security Metrics by Jean-Christophe Gaillard

Driving security transformation is becoming key; not justifying investments

The age-long debate around security metrics and dashboards seems very much alive within the CISO community. But it is often positioned in an outdated historical perspective.
For many CISOs, it seems to be still about “justifying investments” or articulating some form of “return on security investment”.

Artificial Intelligence, Cybersecurity, and Common Sense by Jean-Christophe Gaillard

Spectacular recent developments in Artificial Intelligence (AI) are feeding many fantasies in the world of cybersecurity. Almost everything can be heard on the topic, from the looming obsolescence of even the best defence solutions to an open war between AIs developed by various tech powers – including states. It often feels very complicated for executives to prepare themselves for what’s ahead.

What to look out for when hiring a new CISO? by Jean-Christophe Gaillard

The traditional role of the CISO is changing.

It is being challenged by emerging new regulations such as GDPR, which are impacting all industry sectors, and the arrival on the scene of the new role of the DPOin many firms.

The First 100 Days of the New CISO by Jean-Christophe Gaillard

There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at, and what can be expected and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position? and those which can be ignored?

The Transformational CISO: Making an impact and driving change … and what happens beyond the 6 months horizon by Jean-Christophe Gaillard

Through this series, we have examined how an incoming CISO can create the conditions to truly make a difference in their new job.

Of course, as we stated in the introductory article, all companies are different from one another and so are most individuals. Each will be at their particular stage in terms of security or managerial maturity.

The 6 Months Horizon: The Firm and its Culture: Defining and validating an Execution Framework by Jean-Christophe Gaillard

This is the point when you really get stuck in. By now, you would have been in the new CISO job for about 2 months and it should start to feel less and less like a new job. Of course, this is not really about 100 days, and you should also start to realise it.