The last SASIG meeting in London on 8th May 2018 examined the role and career of the CISO. It is hard to walk out of an event like this one not feeling that a number of things are seriously going round in circle in the security industry.
Constant firefighting downgrades the role and the CISO must fight to avoid its gravitational pull
So … May 25th came and went, quickly followed by the football world cup and a heatwave which wrecked most of Europe and many other parts of the world …
Around GDPR, bureaucracy claimed birthrights over the act and things went back to normal: Snake oil vendors packed their stalls and alleged experts headed for the beach … The anti-climax was predictable, and we are still going through that phase where all players are expecting regulators to set their first fines and wondering “where the big one is going to come from”.
Driving security transformation is becoming key; not justifying investments
The age-long debate around security metrics and dashboards seems very much alive within the CISO community. But it is often positioned in an outdated historical perspective.
For many CISOs, it seems to be still about “justifying investments” or articulating some form of “return on security investment”.
Spectacular recent developments in Artificial Intelligence (AI) are feeding many fantasies in the world of cybersecurity. Almost everything can be heard on the topic, from the looming obsolescence of even the best defence solutions to an open war between AIs developed by various tech powers – including states. It often feels very complicated for executives to prepare themselves for what’s ahead.