2024, VOL: 01, ISSUE: 01
The Cost of Convenience in Cyberspace is Eternal Vigilance Against Compromise
Our world is more linked than it has ever been, and
there is an incredible quantity of data and
information available online. Although there is no
denying that this interconnection has led to amazing
developments and conveniences, it has also exposed us to
fluctuations and new hazards. The growing advancement of
technology has made cyber attacks inevitable, thus making
it imperative for both individuals and corporations to
prioritize cybersecurity as a critical business requirement.
Consequently, the digitalization of our daily lives has not
only revolutionized the way we work and communicate but
has also given rise to an expanding global cyber threat
landscape. No technology or piece of information
connected to the internet is immune to potential breaches.
As our dependence on technology grows, so does the
sophistication of cyber threats, ranging from malware and
phishing attacks to ransomware and sophisticated hacking
techniques.
The field of cybersecurity is expanding swiftly, making it
somewhat challenging to stay up to date with all the newest
advancements and approaches. Recognizing this challenge,
The CIO World brings an edition titled “The Most
Influential CISOs of the Year 2024,” showcasing leaders
in cybersecurity who have proven to be exceptionally
skilled at addressing the convoluted and perpetually shifting
discipline of cybersecurity. These leaders act as role
models, exhibiting not just their technological proficiency
but also their strategic vision for protecting companies from
cyberattacks.
Have a good read ahead!
- Alaya Brown
Managing Editor
Cover Story
Engr. Harrison Nnaji Ph.D.: Charting the Course for Cybersecurity Excellence
James Tewes: Transforming Businesses for Greater Value
Sawan Joshi: Guardian of Digital Frontiers
Stuart Walsh: Guardians of Data Integrity
Metrics Every CISO Should Track: Measuring Cybersecurity Effectiveness
The Human Factor: Addressing Insider Threats in Cybersecurity for CISOs
Tariq Al-Shareef: Cybersecurity Visionary and Global Contributor: Safeguarding Saudi Arabia’s Cyber Frontlines
In the dynamic landscape of today’s digital age,
safeguarding sensitive information and digital assets
has remained a paramount concern. The escalation of
cyber threats necessitates visionary leaders who possess a
deep understanding of cybersecurity intricacies along with
the strategic foresight to pave the way for excellence.
Meet Dr. Engr. Harrison Nnaji, a distinguished
professional with an impressive array of qualifications,
including four Masters degrees, a Ph.D., and an extensive
list of certifications: CCISO, CISM, CEH, CCNP, CCSP,
CISSP, MoR, and TOGAF9. With over 17 years of
experience, he has earned a reputation as a trailblazer in the
fields of cyber, data, and information security. His journey
has been marked by consistent successes in steering
organizations towards resilient security measures while
optimizing resources for maximum impact.
Empowering Organizations with Strategic Vision and Unyielding Security!
The Most Influential CISOs of the Year 2024
Dr. Harrison Nnaji, Group Chief Information Security Officer, FirstBank of Nigeria Ltd. & its Subsidiaries
Harrison isn’t just known for his cybersecurity expertise;
he's a prominent figure who generously shares his wealth of
knowledge without reservation, particularly in areas such
as:
Leadership: Harrison's leadership skills are evident in his
ability to guide teams and foster unity, not just in securing
systems but in bringing diverse groups together towards
achieving common goals.
Motivation: His commitment to excellence, evident in his
pursuit of continuous professional development, serves as
motivation for those around him. He also regularly shares
motivational nuggets across different channels to keep his
followership engaged, coached, and guided.
Career Success: With a track record of transforming
challenges into opportunities, Harrison has consistently
delivered year-over-year improvements in key metrics,
cementing his role as a transformational force.
Entrepreneurship: His strategic acumen goes beyond
traditional roles, as he has demonstrated an entrepreneurial
spirit in his ability to engineer, design, and deliver security
solutions that transcend industry boundaries.
Harrison Nnaji is the Group Chief Information Security
Officer (CISO) at FirstBank Nigeria Ltd. and its
Subsidiaries, where his influence extends far beyond his
formal title. Holding a degree in Electrical and Electronics
Engineering, a Master’s in Project Management, an M.Phil. in
Management, an M.Sc. in Security Management, and
another M.Sc. in Cyber Security majoring in Cloud
Security, he possesses a formidable skill set, knowledge,
and experience. His unwavering commitment to ethical
standards and integrity is evident in every facet of his
work.
Harrison’s legacy is built on his ability to seamlessly
engineer, design, and deliver security solutions that
transcend industry boundaries. His expertise in
internetworking, IT governance, infrastructure
architectures, people management, emerging technologies,
strategy formulation and execution, and IT delivery
management has been instrumental in fostering holistic
improvements in the cyber security landscapes.
A diplomatic virtuoso, Harrison's natural affinity for
building relationships, persuading stakeholders, and
fostering consensus sets him apart as a leader who not only
secures systems but unites teams. His journey thrives in a
fast-paced, multicultural, and multilingual arena, where
challenges fuel his growth, and his dedication to continual
professional development is palpable in every endeavor.
Under his leadership, the work with all stakeholders to
harmonize emerging technologies and secure computing
practices has been nothing short of exemplary. His ability
to turn challenges into opportunities has led to remarkable
year-over-year improvements in key metrics. His pursuit of
excellence remains unwavering, ensuring that loyalty,
productivity, and profitability are constant companions on
his journey. These achievements have earned Harrison
Nnaji the title of “The Most Influential CISO of the Year
2024,” an award bestowed by The CIO World, a
prestigious global magazine dedicated to sharing the
inspiring and transformative stories of professionals and
leading businesses worldwide.
Below are the highlights of the interview:
Unleashing Strategic Vision: Harrison Nnaji's Impact
on Today's Security, Tomorrow's Possibilities
Harrison Nnaji is an accomplished Data and Information
Security Strategist & Practitioner with 17+ years of solid
experience in the conception, engineering, design, delivery,
operation, and optimization of cyber, data, and information
security, risk management, networking, IT operations, and
project management.
He has achieved repeated successes in leading
cybersecurity strategies and secure computing practices
with both emerging and established technologies and processes,
achieving maximum operational impact with minimum
resource expenditure across diverse industries, including
Banking, Telecommunications, Distribution, Original
Equipment Manufacturers (OEMs), and Service
Integration.
His proficiency extends to areas such as internetworking,
contract management, IT governance and processes, IT
portfolio management, infrastructure architectures, and IT
delivery management. Harrison possesses strong diplomatic
skills, a natural affinity for cultivating relationships, and a
talent for persuading, facilitating, and building consensus
among diverse individuals, all with an undiluted focus on
prime objectives.
Thriving in a fast-paced, multicultural, multilingual, and
multifaceted arena, Harrison embraces challenges as
opportunities for continual professional growth. He is
currently completing another Ph.D. in Offensive Cyber
Engineering to deepen his knowledge of the continuous
changes in the cyber threat landscape and the impact of
the emerging technologies. Harrison's diverse capabilities
translate to immediate value while upholding prevailing
ethics and standards for integrity, dedication, teamwork,
productivity, profitability, and excellence.
Visionary: From Engineering to Cybersecurity
Leadership
Prior to his academic pursuits, Harrison embarked on a
career in Nigeria, fulfilling his national youth service
requirements. He gained valuable experience working for
Telnet, a premier IT systems organization in the country,
where he served as an IT Support Engineer. This role fueled
his passion for information technology and allowed him to
witness various IT interactions, interventions, and
troubleshooting processes.
Taking advantage of this opportunity, Harrison began to
develop his skills in IT alongside his engineering
background. He obtained the Cisco Certified Network
Associate certification even before his graduation from the
national youth service program. Impressed by his
performance, Telnet Nigeria Ltd. decided to retain his
services as a Network Support Engineer, and he continued
working for the company after completing his national
youth service.
Within Telnet, Harrison expanded his knowledge in
information technology, focusing on networking and
network technologies at a subsidiary called iTECO. He
thereafter joined a new company, Reddington Nigeria Ltd,
a Value Added Distributor (VAD), as its Cisco Pre-sales
Engineer. This opportunity exposed him to sales, marketing,
contract closure, partner management, and contract
management, which significantly enhanced his customer
engagement, people management skills, and business
acumen.
During his time with Reddington Nigeria, where he worked
on various projects and prospects, Harrison received
another career opportunity to join Airtel Nigeria Ltd., a
telecommunications company, as an IT Security Specialist,
shifting his focus from networking to security. This role
exposed him to the Airtel Group’s practices and further
expanded his experience in the telecommunications
industry.
He began working for IBM in 2011 as a manager of
infrastructure and network security. He took on
responsibility for networking and security components
while supporting multiple projects at IBM. Driven by his
will to improve his abilities, experiences, and knowledge as
well as his willingness to take on new responsibilities for
more value creation, Harrison's career kept developing.
This drive led him to pursue a Master’s Degree in Project
Management, enabling him to contribute more effectively to
major regional projects at IBM.
In pursuit of his passion for organizational transformation
and digitalization, Harrison seized an opportunity to join
UBA Plc – a major Pan African Bank, as the pioneer Head
of their Enterprise Security Division. During his tenure, he
focused on building security standards and architecture and
implementing measures to mitigate cyber-attacks and fraud.
His expertise in technology management, practices, and
regulations played a crucial role in driving UBA’s digital
and cyber defense transformation.
As his career progressed, Harrison continued to acquire
knowledge, experiences, and skills to stay ahead. He
pursued additional master’s degrees, this time focusing on
security, management and cloud technologies. Recognizing
the potential of cloud adoption, he delved into cloud
security and cloud technology to ensure well-informed
decision-making.
Driven by a desire to remain a transformational leader, he
pursued a Ph.D. in Management, Leadership, and
Organizational Strategy at Walden University. This
advanced degree equipped him with the necessary tools to
drive organizational transformation and maximize
opportunities for value creation at scale.
Transforming Individuals and Organizations
Many challenges have been encountered and addressed in
college, leading to personal transformation for numerous
individuals. Harrison has played a role in transforming
those who work with him. Additionally, he has spoken at
various regional, local, and global conferences, even
participating in major conferences as a speaker, panelist, or
moderator.
However, the focus remains on acquiring sufficient relevant
knowledge and understanding of the terrain and potential
threats to effectively mitigate cyber risks and related threats
while maximally promoting and protecting the business
aspirations. In terms of cybersecurity and its associated
concerns, Harrison offers unique selling propositions,
precautionary measures, and comprehensive systems to
ensure the protection of both customers and clients.
Harrison championed the development of intricate systems,
architectures, and strategies to continue serving all
customers with minimal exposure to risks. Records show
that necessary steps are being taken to safeguard the
customers and maintain their satisfaction.
Harrison's Guide to Navigating Cyber Risks
In the world of managing cyber risks, Harrison is a leading
expert. He wants us to know that dealing with cyber risks is
an ongoing journey, not a one-time project. He knows a lot
about this topic and makes it easy to understand.
Harrison says that cyber risks are not just about a
company’s reputation. They are about protecting important
assets, adopting enriching practices, and effectively
defending against cyber threats. To make a good
plan for cyber risks, he says you need to know what your
business is about. This will improve the chances of finding
and protecting important assets like systems, people,
contracts, ideas, and partnerships. Harrison also talks about
how even if you use products and services without knowing
who made them, you still need to keep them safe by
applying your personal cyber hygiene practices. He doesn’t
only talk about cyber risks; he also talks about other
problems like fraud and weak systems.
When something goes wrong, he has ideas on how to fix it.
He talks about using a technique called heat mapping to
understand the state of the ecosystem, categorize the
issues, and understand what to fix first. He also wants
companies to plan for the short, medium, and long-term to
keep getting better. Harrison says we shouldn't ignore old
problems when we face new ones. Every vulnerability
should be tracked until closure is validated.
Most importantly, he wants us to know that dealing with
cyber risks is always changing and challenging. We need to
pay attention and be ready to protect our businesses
consistently and continuously.
Understanding Business and Cybersecurity
Harrison knows a lot about how business and cybersecurity
work together. He says each business is different, so their
cybersecurity plans and practices should be too.
Harrison talks about different ways businesses work, like
people working from home, on their phones, or pursuing
different business aspirations. He says we need to hire the
right people and be careful, and that we should have good
practices and follow them.
Technology is a big part of cybersecurity, and he knows it.
He wants us to protect things like computers, networks, and
data centers. We need to be careful with data and control
who can access it.
Training is important. People need to know what to do to
stay safe. And when something bad happens, we need a
plan to fix it. We also need to talk to the public if something
goes wrong. Hiring other companies to help when
necessary is advisable, but we need to make sure they fit
our business and keep control in-house, says Harrison.
Making a Big Impact
Harrison has proven himself to be a valuable asset to both
individuals and businesses, bringing a lot of practical
benefits.
His impact is evident in various aspects of life. Moreover,
through his extensive LinkedIn network, he generously
shares his valuable knowledge with the community,
engaging in events and collaborations. His involvement in
cybersecurity rule-making groups highlights his commitment
to the industry’s growth.
Harrison earned the title of “CISO of the Year” in a certain
region of Africa, a fact he keeps humble and private. His
intelligence shines through in real-life scenarios, such as
thwarting cyber-attacks originating from different countries.
His actions are driven by importance rather than awards,
underscoring his genuine nature.
Harrison’s top advice involves thorough planning and
continuous learning. He’s adept at setting ambitious
objectives and gleaning insights from them. His aspiration
is for people to be well-prepared for fresh opportunities and
the challenges they bring.
Great Advice from Harrison
Harrison frequently gets asked about becoming a Chief
Information Security Officer (CISO). He stresses the
significance of acquiring the right skills and being open to
continuous learning.
According to him, it’s essential not to solely focus on the
job title. Instead, he recommends gaining a strong grasp of
cybersecurity, especially in the realm of infotech. This
broader knowledge equips individuals to handle various
tasks, not just one. Harrison advises creating a skill
checklist and working on acquiring those skills. This
approach enhances capabilities and the overall job
performance.
In addition, he discusses the benefits of setting up a
personal home lab. He sees this not only as a practical
endeavor but also as a means of continuous learning. He
believes that ongoing education is crucial for personal
improvement and knowledge enrichment. His concepts
carry substantial value and extend aid to numerous
individuals and businesses.
Dedicated Pursuit of Personal and Professional
Excellence: A Glimpse of Harrison's Achievements
Throughout his journey of personal and career growth,
Harrison has dedicated himself to a diverse range of courses
that have enriched his knowledge and skill set. These
courses span across various domains, each contributing to
his expertise and commitment to continuous improvement:
1. Accounting & Finance
2. Business Economics
3. Computer Application/ Information Technology
4. Contract Law
5. Cost Management
6. Design Management
7. Development Economics
8. Effective Presentation and Communication Skills
9. Human & Industrial Relations
10. Industrial & Labour Law
11. Nature & Content of Project Management
12. Negotiation
13. Organisational Behaviour
14. Procurement Methods
15. Quantitative Methods & Simulations Studies
16. Resource Management
17. Research Methodology and Project Report
18. Time Management
These comprehensive courses not only showcase Harrison’s
commitment to learning but also his determination to excel
in various facets of the ever-evolving fields of technology,
management, and cybersecurity.
Hiring the right individuals and conducting thorough background checks are crucial cybersecurity measures. Insider risks pose a considerable threat, and organizations must be cautious about who they bring into their teams.
Honors and Awards – Harrison’s drive for excellence
hasn't gone unnoticed, as he has received multiple honors
and awards for his contributions and achievements:
• 9 Commendation Letters for Various Exceptional Contributions Towards the Achievement of the Bank’s Business Aspirations, issued by UBA PLC.
• IBM Manager’s Choice Award, issued by IBM, Dec 2013
• Award for Excellent Service Delivery, issued by Hamid Husain, Chief Information Officer, ZAIN Nigeria, Jan 2009
• Award for Excellent Service Delivery, issued by John Ayo, Chief Information Officer, Celtel Nigeria Ltd., Mar 2008
• CISO of the Year Award, Finnovex West Africa Awards, 2022
• FirstBank Hero Award, FirstBank Annual Merit Awards (FAMA), 2020, 2022
These accolades reflect not only his dedication but also his
tangible impact on the organizations he has been a part of.
Harrison's journey is characterized by a relentless pursuit of
knowledge, an unwavering commitment to excellence, and
a profound impact on the organizations he has served. His
achievements, both in terms of educational pursuits and
professional recognition, stand as a testament to his
passion and determination in the fields of technology,
cybersecurity, and management. There are many more
highlights on Harrison Nnaji’s LinkedIn profile.
Testimonials from Professionals who have worked with
Engr. Harrison Nnaji, Ph.D.
Jacxine Fernandez - VP of Information Security at
Bangalore International Airport Ltd.:
“I had the privilege of working closely with Harrison
during the West Africa IT LAN Zoning project for Airtel.
Harrison’s attention to detail, technical expertise, and
exceptional project management skills were
instrumental in the project’s success. He not only
troubleshot effectively but also sought continuous
improvement, demonstrating his commitment to excellence.
Harrison's well-rounded professionalism makes him an
asset to any organization.”
Uchechukwu Ngonebu - Project Director at Huawei:
“Having worked with Harrison, I can confidently say he’s a
highly detailed professional, particularly in Network & IT
Security Management. His deep knowledge of inter-network
platforms is a significant asset to any company
he collaborates with.”
Fred Ekete - Lead, Quality Assurance and Tools at
Airtel Nigeria:
“Throughout my interactions with Harrison over the past 7
years, I have found him to be transparent, diligent, and
honest, and his integrity is commendable. I wouldn't
hesitate to recommend him to any organization that values
these qualities.”
Sunny Birdi - Entrepreneur:
“Harrison's dedication during the IBM/Airtel
partnership was exceptional. He demonstrated a multi-
skilled and forward-thinking approach, effectively
managing both internal and external stakeholders. His
business acumen and leadership skills are highly
commendable. Harrison is undoubtedly a 5-star player, and
I wholeheartedly recommend him.”
Embracing the Joy of Turning Around Struggling Ventures
and Constantly Striving for Improvement!
Think about a time when you faced a formidable
challenge. Did you not emerge from that experience
stronger, wiser, and more resilient? Challenges have
an incredible capacity to foster personal growth. They
compel us to delve into our inner resources, tap into our
creativity, and discover strengths we might not have known
existed. "Can a business truly thrive without facing and
overcoming challenges? Is there joy in smooth sailing, or is
it in the storm that we discover our true capabilities?"
These are the questions that resonate with James Tewes, a
seasoned professional whose passion lies not in the comfort
of well-established enterprises but in the thrill of turning the
tides for struggling businesses.
As the Chief Information Security Officer at Greengage,
he embodies the spirit of transformation. He shares, "I often
honestly have found enjoyment in all the sectors that I have
worked in, but it must involve a challenge. Coming into a
business that is already working and functioning well does
not interest me." For him, the allure lies in the prospect of
revitalizing a struggling enterprise, whether it's addressing
aging infrastructure, modernizing security measures after an
audit reveals vulnerabilities, or even building a business
from the ground up.
The heart of James's professional satisfaction lies in the
process of turning a business around and adding substantial
value. "What makes me happy and gives me the reason to
get up and work is when I can turn a business around and
add considerable value," he emphasizes.
Never content with merely meeting the requirements, he is
known for seeking opportunities to enhance both himself
and the projects he undertakes. His approach is structured
and methodical, and goes beyond the ordinary. "I have
never been someone who was happy simply to do what was
needed and no more. I would always look for ways to
improve both myself and the project or environment that I
am working on," he notes.
Constantly refreshing his skills and delving deep into the
products he works with, James exemplifies a commitment
to excellence and a relentless pursuit of improvement. His
journey at Greengage is not just about securing information;
it's about fortifying businesses, navigating challenges, and
turning adversity into triumph. In the world of business
alchemy, he is the maestro orchestrating the transformation
of challenges into opportunities.
Below are the interview highlights:
Could you please elaborate on Greengage and its
inception story?
Greengage is a digital finance pioneer that provides a
platform of relationship-based e-money account services to
SMEs, high-net-worth individuals, and digital asset firms to
the highest ethical, secure, and compliance standards.
Alongside our account services, we provide clients access
to a B2B lending platform offering digital sources of
money. Our tailored services are delivered by people,
empowered by technology.
James Tewes, Chief Information Security Officer, Greengage
January, 2024 www.thecioworld.com
Greengage was founded in 2018, and we now have over 30
staff and excellent client feedback. We embrace new
technology in digital assets and our core proposition as a
means to add value to our clients in their day-to-day
endeavors.
Through Founder’s Eyes:
Sean Kiernan is the Founder and CEO of Greengage, and
they set up the firm with a view to building a service-led
organization to support our clients in navigating the bridge
between traditional financial services and digital
innovation. Sean has extensive experience in financial
services, having worked in various executive management
positions. He founded Greengage after working at the first
bank in the world to offer crypto products to clients, Falcon
Private Bank, where he served as the COO and interim
CEO of the London operation until he left to establish
Greengage. Prior to that, he held management positions at
Clariden Leu, a division of Credit Suisse, and Zurich
Financial Services. Mr. Kiernan has an MBA from the
University of St. Gallen and a BSc from Georgetown
University.
Can you summarize your 28 years of experience in
infrastructure and cybersecurity, emphasizing key
achievements?
Throughout my career, which began at the age of 17, I've
had the privilege of working for esteemed companies and
collaborating with exceptional colleagues on exciting and
challenging projects. Notably, a few milestones include:
London 2012 Olympics and Paralympics: Working on this
project was a unique privilege. The high visibility and
pressure during this global event required quick learning
and problem-solving. I identified and resolved
environmental issues promptly, ensuring a smooth
operation of the infrastructure during the live games, which
had a global viewership exceeding 3 billion.
The project involved managing over 10,000 servers and
workstations and 8,000 users, spanning static core
infrastructure and dynamic event locations. Teams worked
around the clock, addressing critical changes and fixes
during the live games and executing planned changes at
night to prepare for the following day's events.
British Petroleum (BP): At BP, a significant achievement
was contributing to the data center consolidation project.
This involved building primary and secondary data centers
in London and decommissioning all European data centers.
My role in building the initial core server infrastructure
facilitated the migration of approximately 40,000 servers,
significantly reducing the physical server footprint through
virtualization.
Harrods Bank: Initially hired as a consultant for
infrastructure refresh, I played a crucial role in
understanding and migrating legacy systems. Working in
the complex environment of the banking sector, I
contributed to scaling up the bank's staff and systems,
witnessing a 400% increase in size. My focus on security
remained paramount throughout, ensuring a seamless
migration and ultimately leading to the bank's sale to a
challenger bank.
Sonali Bank: After joining as a security consultant, I
addressed gaps highlighted in an external cybersecurity
audit. Implementing the necessary security layers
significantly improved the bank's security posture. Taking
over the IT department, I crafted an 18-month roadmap,
modernizing the infrastructure and leaving the bank in an
enhanced and secure state.
In each role, my commitment to learning, problem-solving,
and prioritizing security has been central to achieving
successful outcomes.
Among the financial, Oil & Gas, Sports, Manufacturing,
and Government sectors, which presented the most
unique challenges, and how did you address them?
In the financial sector, I've experienced challenges that are
particularly daunting due to the intricate technologies and
customized nature of products. Security measures must be
meticulously implemented to protect the environment and
clients, while strict adherence to regulations is paramount.
Successfully overcoming these challenges hinges on a
profound understanding of products, configurations, and
security measures at the granular level. Thorough planning
and end-to-end testing, including robust rollback plans, are
essential. Involving banking teams in testing is critical, as
relying solely on IT can lead to significant oversights.
Testing must cover all possible scenarios, accounting for the
varying activities banks conduct hourly, daily, weekly, and
monthly. Failure to test comprehensively can result in
seemingly successful upgrades that reveal issues days or
weeks later. In the financial industry, any failure in
upgrades or system changes can lead to substantial financial
and customer repercussions, causing severe reputational
damage to the business. Major outages are often attributed
to inadequate testing and a failure to test rollback
procedures thoroughly.
Can you share an example of effectively communicating
a complex technical issue to stakeholders at different
business levels?
In my experience, effective communication within a
business requires tailoring your message to the audience's
varying levels of understanding. Particularly in IT, where
technical proficiency can differ widely, it's crucial to focus
on the business impact, necessary actions for resolution,
and the implications of inaction. By emphasizing these
aspects and presenting with confidence, I've noticed
increased buy-in from the business. It's essential to avoid
overly technical discussions, as executives may disengage,
leading to resistance against proposed changes.
For instance, in a scenario involving a financial institution, I
needed to upgrade and replace key payment gateways to
enhance resilience. Despite initial doubts from my direct
management about securing funding, I successfully
engaged with the bank's leadership. I provided a high-level
rationale for the work, offering a straightforward technical
overview that resonated with all levels of understanding.
This approach proved successful in obtaining the required
funding and steering the project to completion.
Can you highlight a successful implementation of a
cybersecurity solution that significantly improved an
organization's security posture?
Working at Sonali Bank UK, I prioritized implementing a
comprehensive MDR (Managed Detection and Response)
solution as a vital defense measure. For smaller banks like
ours, MDR covers essential components like a 24x7 SOC,
SIEM, Vulnerability Scanning, Cloud Posture Management,
and Endpoint management. Limited resources often expose
smaller banks to vulnerabilities, making continuous
monitoring crucial. In the financial sector, risk awareness
isn't a 9-5 affair; it demands 24x7 vigilance. Any claim of
complete security is unrealistic. As a CISO, honesty about
potential threats is vital, and taking proactive steps to
safeguard both the bank's and clients' data is paramount.
In your role, collaboration with third-party support and
suppliers is crucial. How do you ensure effective
partnerships and smooth integration with external
entities?
Effective collaboration hinges on adeptly managing
partnerships and workflows, a task contingent on the
involved companies. Employing skilled project managers
significantly influences workflow and change management.
Establishing centralized communication points among
companies is pivotal to ensuring prompt and efficient work
execution. Collaborating with proficient, communicative,
and adaptive companies enhances the overall experience.
However, encountering less cooperative entities poses
challenges, impeding progress in implementations, changes,
and bug fixes. The judicious choice of tracking tools proves
vital for monitoring extensive workflows and task statuses
and preemptively addressing potential issues, facilitating
collaborative problem-solving and timely resolution.
Reflecting on your career, what accomplishment or
project are you most proud of, and how did it positively
impact the businesses you worked with?
I would say my current role as CISO of Greengage is one of
my proudest. While I have enjoyed many projects at various
companies, at Greengage we were in the fortunate position
of building a financial institution environment from the
ground up. This is a great challenge: having the ability to
design the most optimal architecture using the most
appropriate products for all infrastructure and security
layers, rather than what often happens traditionally:
inheriting products chosen by earlier teams, which may
not be the right products for their purpose.
This enabled the business to successfully go live with its e-
money offering and start onboarding its customers, which
was a proud moment for the business and proves what can
be achieved with the hard work of all the teams.
January, 2024 www.thecioworld.com
19
"The only truly secure system is one that is powered
off, cast in a block of concrete, and sealed in a lead-
lined room with armed guards." In the ever-evolving
landscape of cybersecurity, where threats loom large and
technology advances at a rapid pace, this quote from Gene
Spafford resonates with a certain irony. Achieving absolute
security is an elusive goal, but that doesn't mean
cybersecurity efforts are in vain. Instead, it underscores the
importance of measuring cybersecurity effectiveness to
enhance resilience and response. How do we evaluate the
efficacy of our cybersecurity measures? What metrics
provide meaningful insights into our defenses?
In this article, we delve into the crucial realm of measuring
cybersecurity effectiveness, aiming to navigate the
complexities of securing our digital landscapes.
Understanding Cybersecurity Effectiveness
At the heart of any robust cybersecurity strategy is the
fundamental question: How effective are our security
measures? Cyber threats are dynamic and multifaceted,
ranging from sophisticated malware and phishing attacks to
zero-day vulnerabilities. In this environment, a proactive
and adaptable approach is necessary, and that's where
measuring cybersecurity effectiveness becomes imperative.
Effectiveness in cybersecurity is not a one-size-fits-all
concept. It encompasses various dimensions, including
prevention, detection, response, and recovery. The goal is
not only to prevent breaches but also to minimize the
impact when preventive measures fall short. It involves
creating a layered defense strategy that combines
technology, policies, and user awareness.
Measuring Cybersecurity Effectiveness
Key Metrics for Measuring Cybersecurity Effectiveness
Incident Detection Time:
• Metric: Mean Time to Detect (MTTD)
• Significance: MTTD measures the average time between the
start of a security incident and its identification by the
security team. The true start is rarely known, so in
practice it is measured from the earliest evidence found
during the investigation, and it should be reported with
the median and the 90th percentile as well: one long-
dwelling intrusion can hide behind a healthy average. A
lower MTTD indicates a more efficient detection process
and leaves attackers less time to act.
Incident Response Time:
• Metric: Mean Time to Respond (MTTR)
• Significance: MTTR measures the average time from
detection to containment or mitigation of an incident. The
same acronym is also used for mean time to resolve or to
recover, so the start and end events must be defined once
and applied consistently, or the trend means nothing. A
swift response is crucial for minimizing the impact of a
breach and preventing further damage.
False Positive Rate:
• Metric: Percentage of False Positives
• Significance: The share of closed alerts that turned out
not to be security incidents. Too many false positives
overwhelm security teams and lead to alert fatigue, so a
lower rate indicates more accurate detection. It must be
read alongside missed detections (false negatives): tuning
a rule only to silence noise can also silence the true
positives it exists to catch.
Vulnerability Patching Time:
• Metric: Time to Patch Vulnerabilities
• Significance: The time from a vulnerability becoming
known (vendor advisory or scanner finding) to the fix being
deployed on the affected systems. Timely patching closes
potential entry points for attackers. The metric is most
useful measured against a remediation deadline set by
severity, with the shortest deadline for vulnerabilities
known to be exploited, and reported as the percentage of
findings closed within that deadline rather than as a
single average.
Metrics Every CISO Should Track
Phishing Resilience:
• Metric: Phishing Click Rate
• Significance: Phishing attacks remain a common entry
point for cybercriminals. Measuring the rate at which
users click on simulated phishing links provides insight
into the effectiveness of awareness training and the
overall security culture. Track the report rate alongside
it, the share of users who report the simulated message:
a falling click rate with a rising report rate is the
signature of a culture that catches real phishing too.
User Education Effectiveness:
• Metric: Training Completion Rates
• Significance: Educating users on cybersecurity best
practices is essential, but completion measures
participation, not learning. Combine completion rates with
assessment scores and with behavioral measures such as
phishing click and report rates to judge whether the
program changes behavior and where it needs improvement.
Endpoint Protection:
• Metric: Endpoint Detection and Response (EDR)
Effectiveness
• Significance: Endpoints are frequent targets for attacks.
EDR effectiveness can be measured as coverage, the
percentage of managed endpoints with a healthy agent
reporting in, and as the detection rate achieved against
controlled adversary-emulation tests, since an agent that
is missing or silent protects nothing.
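As an added example, not part of the original article, the following Python computes the incident, alert and patching metrics above from constructed records. The record fields, the remediation deadlines per tier and all sample values are assumptions for illustration; MTTR is taken here as detect-to-contain, and each duration is reported with its median and 90th percentile as well as the mean, so the long-dwelling intrusion in the sample data is visible rather than averaged away.

```python
"""Computing SOC metrics (MTTD, MTTR, false-positive rate, patch SLA
compliance) from constructed records. Sample data only; not from any
real environment."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import ceil
from statistics import mean, median
from typing import Optional


@dataclass
class Incident:
    incident_id: str
    first_evidence: datetime  # earliest attacker activity found in investigation
    detected: datetime        # alert triaged as a true incident
    contained: datetime       # MTTR end event chosen here: containment, not recovery


@dataclass
class Finding:
    vuln_id: str
    severity: str             # "critical", "high", "medium" or "low"
    known_exploited: bool
    published: datetime       # when the finding became known to us
    patched: Optional[datetime]


# Remediation deadlines in days per tier; exploited-in-the-wild gets the
# shortest one. Illustrative assumptions, not a standard.
SLA_DAYS = {"exploited": 3, "critical": 14, "high": 30, "medium": 90, "low": 180}


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def percentile(values, pct):
    """Nearest-rank percentile of a non-empty list."""
    ordered = sorted(values)
    k = min(len(ordered) - 1, max(0, ceil(pct / 100 * len(ordered)) - 1))
    return ordered[k]


def summarize(values):
    """The mean hides the tail, so report median and p90 with it."""
    return {"mean": round(mean(values), 1),
            "median": round(median(values), 1),
            "p90": round(percentile(values, 90), 1)}


def time_to_detect(incidents):
    """MTTD in hours: earliest evidence -> detection."""
    return summarize([hours(i.detected - i.first_evidence) for i in incidents])


def time_to_respond(incidents):
    """MTTR in hours: detection -> containment."""
    return summarize([hours(i.contained - i.detected) for i in incidents])


def false_positive_rate(dispositions):
    """Percentage of closed alerts whose disposition was false_positive."""
    return round(100 * dispositions.count("false_positive") / len(dispositions), 1)


def patch_sla_compliance(findings, as_of):
    """Percentage of findings closed within their deadline, by tier.
    Open findings past the deadline count as breaches; open findings
    still inside the deadline are not counted either way."""
    tally = {}
    for f in findings:
        tier = "exploited" if f.known_exploited else f.severity
        deadline = f.published + timedelta(days=SLA_DAYS[tier])
        if f.patched is not None:
            met = f.patched <= deadline
        elif as_of > deadline:
            met = False
        else:
            continue
        ok, total = tally.get(tier, (0, 0))
        tally[tier] = (ok + int(met), total + 1)
    return {tier: round(100 * ok / total, 1) for tier, (ok, total) in tally.items()}


# --- constructed sample data ---
T0 = datetime(2024, 1, 8, 9, 0)
INCIDENTS = [
    Incident("INC-1", T0, T0 + timedelta(hours=2), T0 + timedelta(hours=6)),
    Incident("INC-2", T0, T0 + timedelta(hours=4), T0 + timedelta(hours=5)),
    Incident("INC-3", T0, T0 + timedelta(hours=3), T0 + timedelta(hours=9)),
    # one long-dwelling intrusion: it dominates the mean but not the median
    Incident("INC-4", T0, T0 + timedelta(days=30, hours=1), T0 + timedelta(days=30, hours=12)),
]
ALERT_DISPOSITIONS = ["false_positive"] * 6 + ["true_positive"] * 3 + ["benign"]
AS_OF = datetime(2024, 2, 1)
FINDINGS = [
    Finding("F-1", "critical", True, datetime(2024, 1, 2), datetime(2024, 1, 4)),
    Finding("F-2", "critical", True, datetime(2024, 1, 2), datetime(2024, 1, 10)),  # late
    Finding("F-3", "critical", False, datetime(2024, 1, 3), datetime(2024, 1, 12)),
    Finding("F-4", "critical", False, datetime(2024, 1, 5), None),  # open and overdue
    Finding("F-5", "high", False, datetime(2024, 1, 10), None),     # open, still in SLA
    Finding("F-6", "high", False, datetime(2023, 12, 1), datetime(2023, 12, 20)),
]

if __name__ == "__main__":
    print("MTTD (h):", time_to_detect(INCIDENTS), "MTTR (h):", time_to_respond(INCIDENTS))
    print("FP rate (%):", false_positive_rate(ALERT_DISPOSITIONS))
    print("Patch SLA compliance (%):", patch_sla_compliance(FINDINGS, AS_OF))
```

Reporting patch compliance per tier as a percentage within deadline, rather than one average, is what lets a CISO see that exploited vulnerabilities are being missed even when the overall number looks acceptable.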
Challenges in Measuring Cybersecurity Effectiveness
Despite the importance of these metrics, measuring
cybersecurity effectiveness comes with its own set of
challenges. The dynamic nature of cyber threats, the
evolving technology landscape, and the increasing
sophistication of attackers make it challenging to establish
static benchmarks. Additionally, the interconnectedness of
systems and the sheer volume of data generated pose
difficulties in discerning meaningful patterns.
Moreover, prevented attacks leave little trace, which
complicates the assessment: how does one measure the
absence of a breach? It requires a shift in mindset from
merely counting successful attacks to evaluating how well
proactive measures thwart potential threats, for example by
testing controls against known attack techniques rather
than waiting for real incidents to reveal the gaps.
A Comprehensive Approach to Cybersecurity
Effectiveness
To address these challenges, organizations must adopt a
comprehensive approach to measuring cybersecurity
effectiveness. This involves integrating quantitative metrics
with qualitative assessments, leveraging technology, and
fostering a culture of continuous improvement.
• Risk-Based Metrics: Develop metrics that align with
the organization's risk appetite. Focus on measuring the
effectiveness of controls that directly mitigate high-
impact risks.
• Continuous Monitoring: Implement continuous
monitoring systems to track real-time security metrics.
This allows for immediate responses to emerging
threats and provides a more accurate reflection of the
current security posture.
• Red Team Exercises: Conduct regular red team
exercises to simulate real-world attack scenarios. These
exercises help evaluate the effectiveness of both
preventive and responsive measures in a controlled
environment.
• Collaborative Threat Intelligence: Engage in
information sharing and collaborative threat
intelligence efforts with industry peers. This collective
approach enhances the ability to identify and respond
to emerging threats more effectively.
• Security Awareness and Training: Emphasize the
human element by investing in ongoing security
awareness and training programs. Measure the impact
of these programs on user behavior and the overall
security culture within the organization.
Conclusion
Metrics are valuable indicators, but they should not be the
sole focus. Cybersecurity effectiveness is a holistic concept
that involves people, processes, and technology working in
tandem. While metrics provide quantifiable insights,
qualitative assessments, adaptive strategies, and a
commitment to continuous improvement are equally
essential.
As Gene Spafford's quote suggests, achieving absolute
security might be an unattainable goal, but the journey
toward it is marked by resilience, adaptability, and a
commitment to staying one step ahead of the ever-evolving
threat landscape. In measuring cybersecurity effectiveness,
organizations not only safeguard their digital assets but also
fortify their ability to thrive in an interconnected and
unpredictable cyberspace.
- Alaya Brown
Championing Privacy, Inspiring Change, and Nurturing the
Future!
In a world dominated by Gen Z, where our lives are
increasingly lived online, from social media
interactions to online purchases, each digital
engagement contributes to what has come to be known as
our "digital footprint." This footprint is essentially a trail of
personal data points that collectively paint a vivid picture of
who we are, what we like, and how we navigate the digital
landscape. While this information can be harnessed for
targeted advertising or improved user experiences, it also
raises concerns about the extent to which individuals have
control over their own data.
Sawan Joshi emerges as a stalwart defender, donning the
mantle of Chief Information Security Officer at Mitiga
Solutions & The Privacy Business Group Ltd.
Sawan's journey into information security was not just a
career choice; it was a calling fueled by a profound sense of
responsibility. Inspired by the digitization of data, he
recognized the transformative power of technology in
shaping our lives. Simultaneously, he was drawn into the
industry by the alarming surge in cybercrimes, each one a
stark reminder of the vulnerabilities of our interconnected
world.
Given a stage to speak about protecting people, Sawan's
message is clear and concise. In a world where data is both
the lifeblood of progress and the target of malicious intent,
he advocates for a collective responsibility to safeguard
privacy. As the CISO, his mission extends beyond securing
data; it's about empowering individuals to take well-
informed actions in their roles as guardians of digital
sanctuaries.
Behind the title of Chief Information Security Officer lies
the role that truly defines Sawan—being a father. As a
parent to quadruplet children, he draws inspiration from
their innocence and envisions a future where digital
landscapes are resilient and secure. For him, the
responsibility of protecting not just his own family but the
global digital community adds depth and urgency to his
mission.
Sawan Joshi is not just safeguarding the present; he's
architecting a resilient future. His role extends beyond the
corporate corridors to the heart of family life. By instilling
the importance of privacy and security in his children, he's
shaping a generation that understands the value of digital
trust and the significance of safeguarding data.
The Most Influential CISOs of the Year 2024
In an age where information is power, Sawan's advocacy
for privacy and security becomes not just a professional
responsibility but a profound commitment to the well-being
of individuals and generations to come.
Below are the interview highlights:
Could you please brief us about Mitiga Solutions and its
inception story?
Founded in 2018, Mitiga Solutions is a science-based
climate risk intelligence company that helps organizations
understand their exposure to climate risk to make well-
informed decisions and protect their assets.
Can you share your journey in the fields of information
security, IT operations, and data protection,
highlighting key milestones in your 15-year career?
Over the past 15 years, we have seen many acquisitions,
mergers, and even divestitures, and my career has been
loaded with this topic. With over 10 acquisitions under my
belt, I supported my employers with complex scenarios
where global offices are in scope and provided solutions
from technological capabilities that have come from highly
available private and public clouds and the way replication
solutions can allow for data integrity and collaboration. It
was important to provide agile and adaptive solutions
during these initiatives.
Some key highlights during my career were building
information security and operations for London Luton
Airport, a highly regulated essential services provider that
needed a balanced blend of internal and external security
that not only protected digital systems but also provided
monetization opportunities through physical security
technologies inside the airport facilities.
Over the years, I leveraged the opportunity to network at
the board level. This level of communication was a very
exciting area for me, as it built my own career confidence
through the validation it received. I would always bring
well-prepared information to a meeting to validate having a
place at such meetings, and it was important that I knew it
so well that I could articulate it in that meeting to keep
stakeholder interest. This always meant keeping the focus
on why my points mattered in the first place.
During my role at First Port Ltd., which is the UK's largest
property management company and now a global
organization that has set out to grow by acquisition at a
rapid pace, protecting the executive leadership team's
interests was vital, as was ensuring impartial facts reached
Sawan Joshi, Chief Information Security Officer, Mitiga Solutions & The Privacy Business Group Ltd.
the board. To do that, strategic alignment was key, and to
ensure that as we completed these acquisitions, the risks
that were taken on by the acquired company were going to
be managed with trusted eyes and that clear sight of what
they were was shared before closing the investment.
To do that, I created a repeatable acquisition capability that
could be applied each time, which led to success in my role,
and new risks were processed into the security roadmap.
To do that, ensuring technologies that can scale with
simplicity was vital, as was having the internal and external
people on board to make it happen. I have often found that
it is not the size of the team but the capability of the team
that counts most.
To sum up, some highlights of my data protection
experience are not sector-specific. As I grew my experience
and continued to top up my knowledge, which is constantly
part of the territory, I was able to tailor and adapt it to any
organization type once I understood the business and what
applied to them first.
This has become my personal repeatable strategy, which
has now been applied to an airport, a global sports retail
company, the UK's number one charity for dogs, multiple
financial services companies, and now 2 climate tech
companies. These have become adventures I love to tell my
network and specifically my children as they grow up and
begin to understand that working for who you want is going
to have a better chance of happening if you empower
yourself with a career strengthened by knowledge, and if
you know it well, you can explain it well.
In your current role as the Chief Information Security
Officer at Mitiga Solutions, what strategic initiatives
have you implemented to enhance information security
within the organization?
The time to act against the risks our world faces from
climate change is now; it cannot be an afterthought, and
within the public and private sectors, we have an
opportunity to take steps that make an impact now. It all
starts with taking a 360-degree look at all prospects and
what matters to them. This means customers, partners, and
investors now and in the future. Building a strategic
roadmap along with laws and regulations that are within
scope and will build trust in the supply chain is essential.
I articulate a roadmap like this as protection around people,
platforms, and processes that can provide balanced
protection of assets and support revenue generation through
independent validations. These are how we make sure we
can be relied on to score highly in trust scores with our
privacy-by-default design business architecture.
In these pillars, what that would look like is to ensure we
put a layered defense around people to ensure we protect
their identity with multiple factors, plus the additional
layers that include anomaly detection for those sign-ins,
such as impossible travel metrics and user behavior
analytics to detect deviations from normal interactions and
data manipulations.
Additionally, on platforms, it is vital to implement a clear,
transparent view of all these activities once an identity has
been validated to ensure trust, but verification is constant
and any adverse interactions and activities across platforms
are quickly identified so we can take response actions.
The third pillar is to build robust capabilities around
processes through top-down governance and ensure we
have data protection compliance and business continuity,
with disaster recovery baked right in. That is how you
become breach-ready so that an adverse incident becomes
an operational metric to track and continuously improve on
and not a business-hindering aftermath.
This does not mean going out and purchasing all the latest
security technologies that cover the acronyms that are
constantly evolving as buzzwords in the broad offerings of
many solution providers, but this means ensuring financial
stewardship is at the heart of a roadmap like this and that
investments are of low complexity and cost, thus achieving
understandable security by design. As a business leader,
that is important.
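The impossible-travel check mentioned above, as an added example in Python that is neither the interviewee's code nor Mitiga's: consecutive sign-ins by one account are compared, and a pair whose implied speed exceeds a threshold is flagged. The event fields, the coordinates (standing in for a GeoIP lookup of the source address), the 900 km/h threshold and the 50 km floor for GeoIP jitter are all assumptions, and the sample sign-ins are constructed.

```python
"""Impossible-travel detection over constructed sign-in events.
Coordinates stand in for a GeoIP lookup of the source address."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumed: faster than an airliner is impossible for one person
MIN_DISTANCE_KM = 50.0  # assumed: ignore GeoIP jitter inside one metro area


@dataclass
class SignIn:
    user: str
    when: datetime
    lat: float
    lon: float
    source_ip: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km using Earth's mean radius."""
    r = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive sign-ins per user whose implied speed exceeds the threshold.
    Returns (user, earlier, later, distance_km, speed_kmh) tuples."""
    by_user = {}
    for e in sorted(events, key=lambda e: e.when):
        by_user.setdefault(e.user, []).append(e)
    findings = []
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < MIN_DISTANCE_KM:
                continue
            hrs = (cur.when - prev.when).total_seconds() / 3600
            # Two distant sign-ins in the same second give infinite speed; keep it as inf.
            speed = km / hrs if hrs > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append((user, prev, cur, round(km), round(speed) if hrs > 0 else speed))
    return findings


# Constructed sample: approximate city-centre coordinates, documentation-range IPs.
LONDON = (51.5074, -0.1278)
NEW_YORK = (40.7128, -74.0060)
MANCHESTER = (53.4808, -2.2426)
CROYDON = (51.3727, -0.1099)
SAMPLE_SIGNINS = [
    SignIn("alice", datetime(2024, 1, 15, 9, 0), *LONDON, "198.51.100.7"),
    SignIn("alice", datetime(2024, 1, 15, 10, 0), *NEW_YORK, "203.0.113.42"),   # ~5,570 km in 1 h
    SignIn("bob", datetime(2024, 1, 15, 9, 0), *LONDON, "198.51.100.9"),
    SignIn("bob", datetime(2024, 1, 15, 12, 0), *MANCHESTER, "198.51.100.10"),  # ~260 km in 3 h: plausible
    SignIn("carol", datetime(2024, 1, 15, 9, 0), *LONDON, "198.51.100.11"),
    SignIn("carol", datetime(2024, 1, 15, 9, 1), *CROYDON, "198.51.100.12"),    # ~15 km: jitter, ignored
]

if __name__ == "__main__":
    for user, a, b, km, kmh in impossible_travel(SAMPLE_SIGNINS):
        print(f"{user}: {a.source_ip} -> {b.source_ip}, {km} km in "
              f"{(b.when - a.when).total_seconds() / 60:.0f} min ({kmh} km/h)")
```

In production the same check needs an allow-list for known VPN egress points and for cloud-hosted service accounts, whose GeoIP location says nothing about where the human is; without it the rule is a steady source of the false positives discussed elsewhere in this issue.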
At The Privacy Business Group Ltd., how did you
contribute to the development of privacy strategies?
What were the key challenges you faced in this role, and
what is TriStep.io?
As I found my approach to applying privacy and security
strategies to any sector successful, I realized I wanted to
apply this to more companies and reflected on my
experience with large enterprises vs. the challenges startups
face as they try to do business with large enterprises. I
wanted to take my experience from both sides into making
those public and private business partnerships simpler to
put together, trustable by validation, and successful in their
ability to last.
That is when I decided to form The Privacy Business Group
Ltd., but my goal was not to focus on traditional advisory
services. Today, not many organizations want a 5-year plan
sold to them in an interview; they want objectives and key
results measured quarterly, and I want to bring the
capability to help organizations have a low-level touch from
an advisory and to easily gain access to software that is not
only low-cost but will give a 3-step plan to risk and
sustainability frameworks that will help them mind their
own posture. That is why I founded TriStep.io, which is a
risk and sustainability framework platform that will be
available for everyone in January 2024.
Could you share insights into the significance of the
certifications you obtained?
These qualifications offer very relevant future-proof value
and offer a complex path to obtain them, which is part of
the achievement after all, the easy options are never of the
most value.
The qualifications from IAPP, ISC2, and ISACA offer
continuous professional development systems to keep the
certification valid for a fee, and participation keeps
continuous learning on track and your initial investment in
place.
It is important to know the operating cost of achieving and
maintaining certifications when deciding how much to work
for in salary or self-employment and to take that into
account when running your own career. My view is that no
employer should run your career; it is important to drive
that yourself.
Addressing Insider Threats in Cybersecurity for CISOs
The greatest danger to our cybersecurity often lurks within
our own walls. How can CISOs effectively address insider
threats and safeguard their organizations?
Cybersecurity has become a cornerstone in
protecting organizations from an ever-expanding
array of threats. While external threats like hackers
and malware often grab the headlines, the significance of
insider threats cannot be overstated. Insiders, whether
intentionally malicious or unwittingly negligent, pose a
substantial risk to an organization's sensitive data and
digital infrastructure. For Chief Information Security
Officers (CISOs), the challenge lies in navigating this
complex landscape to secure their organizations from
within.
Understanding Insider Threats
Insider threats can manifest in various forms, from
employees with malicious intent seeking financial gain or
revenge to well-meaning staff who inadvertently
compromise security through negligence. In fact, a 2021
Insider Threat Report found that 68% of organizations feel
vulnerable to insider attacks. This underscores the urgency
for CISOs to adopt a comprehensive approach to address
this multifaceted challenge.
The first step in tackling insider threats is acknowledging
that they exist. No organization is immune, regardless of its
size or industry. As a CISO, it's imperative to cultivate a
culture of cybersecurity awareness within the organization
and foster an environment where employees understand the
potential risks associated with their actions.
Building a Culture of Cybersecurity Awareness
How can you expect your employees to safeguard your
organization if they don't understand the value of the
information they're protecting? Creating a culture of
cybersecurity awareness starts with education. Regular
training sessions and workshops should be conducted to
keep employees informed about the latest cybersecurity
threats, including the potential impact of insider threats.
This education should extend beyond the IT department to
reach all levels of the organization. When everyone
understands the risks, they are more likely to actively
contribute to the organization's cybersecurity efforts.
Additionally, implementing strong access controls and
monitoring mechanisms is essential. Limiting access to
sensitive information on a need-to-know basis reduces the
likelihood of unauthorized or unintentional data exposure.
Regularly reviewing and updating access permissions,
especially when employees change roles or leave the
organization, is crucial to maintaining a secure
environment.
Implementing User Behavior Analytics
It's not just about what people do, but how they do it.
Understanding user behavior is key to detecting potential
insider threats before they escalate.
User Behavior Analytics (UBA) plays a pivotal role in
identifying anomalous activities that may indicate insider
threats. By establishing a baseline of normal user behavior,
security systems can detect deviations that may signal a
potential security risk. For example, sudden access to
sensitive data by an employee who has never accessed it
before or irregular login times can trigger alerts for further
investigation.
The Human Factor
CISOs should leverage advanced technologies, such as
machine learning algorithms, to enhance the accuracy of
UBA. These technologies can analyze vast amounts of data
and detect patterns that may elude traditional security
measures. Investing in UBA not only strengthens an
organization's defenses but also allows for more proactive
threat mitigation.
Monitoring Privileged Users
With great power comes great responsibility, and privileged
users are no exception. Monitoring their activities is a
critical aspect of insider threat prevention.
Privileged users, such as system administrators and
executives, have elevated access levels that make them
potential targets or unwitting conduits for insider threats.
CISOs must implement robust monitoring systems to track
the activities of privileged users, ensuring that their actions
align with their roles and responsibilities.
Regular audits and reviews of privileged user access logs
can reveal any suspicious behavior or unauthorized access.
This proactive approach enables CISOs to intervene
promptly and mitigate potential threats before they escalate.
Moreover, it sends a clear message that all users, regardless
of their position, are subject to scrutiny to maintain a secure
environment.
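As an added example, not part of the original article, the following Python implements the two preceding sections' checks over constructed access logs: a per-user baseline of resources touched and login hours observed, then detection of first-time access to sensitive data and of logins outside the user's usual hours (the UBA deviations described above), plus flagging of privileged actions performed by accounts outside the approved administrator set (the privileged-user review). The log format, the sensitive-resource and privileged-action labels, the admin set and every log line are assumptions constructed for the example.

```python
"""Baseline-and-deviation checks over constructed access logs: first-time
access to sensitive data, logins outside a user's usual hours, and
privileged actions by accounts outside the approved admin set.
Sample log lines are constructed, not from any real system."""
from collections import defaultdict
from datetime import datetime

# Assumed classification data: which resources are sensitive, which
# actions are privileged, and which accounts are approved to use them.
SENSITIVE = {"payroll_db", "customer_pii"}
PRIVILEGED_ACTIONS = {"grant_role", "disable_audit", "export_all"}
ADMINS = {"root_ops"}


def parse(line):
    """Log format assumed here: '<ISO timestamp> <user> <action> <resource>'."""
    ts, user, action, resource = line.split()
    return datetime.fromisoformat(ts), user, action, resource


def build_baseline(lines):
    """Per-user picture of normal: resources touched and login hours seen."""
    resources = defaultdict(set)
    login_hours = defaultdict(set)
    for line in lines:
        ts, user, action, resource = parse(line)
        if action == "login":
            login_hours[user].add(ts.hour)
        else:
            resources[user].add(resource)
    return {"resources": resources, "login_hours": login_hours}


def detect(baseline, lines):
    """Return (timestamp, user, reason) for each deviation from the baseline."""
    known = set(baseline["login_hours"]) | set(baseline["resources"])
    alerts = []
    for line in lines:
        ts, user, action, resource = parse(line)
        if user not in known:
            alerts.append((ts, user, "account not seen in baseline window"))
            continue
        if action == "login":
            hours = baseline["login_hours"].get(user)
            # Usual window = observed hours +/- 1. Shifts that cross midnight
            # would need a circular interval; not handled here.
            if hours and not (min(hours) - 1 <= ts.hour <= max(hours) + 1):
                alerts.append((ts, user, f"login at {ts.hour:02d}:00 outside usual window"))
            continue
        if resource in SENSITIVE and resource not in baseline["resources"][user]:
            alerts.append((ts, user, f"first access to sensitive resource {resource}"))
        if action in PRIVILEGED_ACTIONS and user not in ADMINS:
            alerts.append((ts, user, f"privileged action {action} by non-admin account"))
    return alerts


# --- constructed sample logs ---
BASELINE_LOG = [
    "2024-01-08T08:55:00 alice login vpn",
    "2024-01-08T09:10:00 alice read crm",
    "2024-01-09T09:02:00 alice login vpn",
    "2024-01-09T10:30:00 alice read crm",
    "2024-01-10T08:47:00 alice login vpn",
    "2024-01-08T07:30:00 bob login vpn",
    "2024-01-08T07:45:00 bob read payroll_db",   # payroll is bob's normal work
    "2024-01-09T07:35:00 bob login vpn",
    "2024-01-08T06:00:00 root_ops login bastion",
    "2024-01-08T06:10:00 root_ops grant_role iam",
]
NEW_LOG = [
    "2024-01-15T09:05:00 alice login vpn",          # normal hour
    "2024-01-15T09:20:00 alice read crm",           # normal resource
    "2024-01-15T23:40:00 alice login vpn",          # off-hours login
    "2024-01-15T23:45:00 alice read payroll_db",    # first-time sensitive access
    "2024-01-15T23:50:00 alice grant_role iam",     # privileged action by non-admin
    "2024-01-16T07:40:00 bob read payroll_db",      # within bob's baseline
    "2024-01-16T06:05:00 root_ops grant_role iam",  # approved admin: not flagged
]

if __name__ == "__main__":
    for ts, user, reason in detect(build_baseline(BASELINE_LOG), NEW_LOG):
        print(f"{ts:%Y-%m-%d %H:%M} {user}: {reason}")
```

Three alerts on one account within ten minutes, each weak on its own, is the pattern an analyst would want correlated into a single high-priority case; the approved-admin action on the last line is recorded for the periodic privileged-access review but raises no alert.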
Establishing a Whistleblower Program
Sometimes, the most valuable insights come from within.
Encourage employees to speak up if they notice anything
amiss.
A whistleblower program provides employees with a
confidential channel to report suspicious activities without
fear of reprisal. CISOs should work in collaboration with
HR and legal teams to establish a robust and anonymous
reporting mechanism. This encourages a sense of shared
responsibility for cybersecurity and can be an invaluable
source of early detection for insider threats.
To ensure the effectiveness of the whistleblower program,
it's essential to communicate its existence clearly and
regularly. Employees should be informed about the
importance of reporting any concerns promptly,
emphasizing that their contributions play a crucial role in
safeguarding the organization.
Responding to Insider Threat Incidents
Prevention is ideal, but preparation is imperative. Having a
well-defined incident response plan is essential when
addressing insider threats.
No cybersecurity strategy is foolproof, and insider threats
may still occur despite the best preventive measures. CISOs
must have a well-defined incident response plan in place to
mitigate the impact of a potential breach swiftly.
The incident response plan should outline clear procedures
for identifying, containing, and eradicating insider threats.
This includes collaboration with the legal and HR teams to
handle potential legal and personnel issues. Regularly
testing and updating the incident response plan ensures its
effectiveness when faced with the dynamic nature of insider
threats.
Conclusion
In the realm of cybersecurity, the real challenge often lies
not in the complexity of technology but in understanding
human behavior. CISOs must address insider threats with a
combination of technological solutions, cultural initiatives,
and proactive measures.
As CISOs navigate the ever-evolving landscape of
cybersecurity, addressing insider threats should remain a
top priority. By building a culture of cybersecurity
awareness, implementing advanced technologies like UBA,
monitoring privileged users, establishing whistleblower
programs, and having a robust incident response plan,
CISOs can strengthen their organizations from within. The
journey towards a more secure future begins by recognizing
that the greatest threats may be those working within our
own walls, and the key to success lies in a proactive and
holistic approach to cybersecurity.
- Alaya Brown
A Journey of Compliance, Innovation, and ISO 27001
Certification in Healthcare Cybersecurity!
Is your data safe? A question echoing through the
corridors of the digital age resonates with a sense of
urgency and responsibility. In a world where
information is the lifeblood of industries, it's crucial to have
guardians at the helm. Meet Stuart Walsh, the vigilant
guardian of digital fortresses, currently serving as the Chief
Information Security Officer (CISO) at Blue Stream
Academy Ltd.
Stuart's journey from a website designer to CISO reflects
the evolving landscape of cybersecurity. As organizations,
especially in sensitive sectors like healthcare, grapple with
the escalating significance of data, Stuart's story mirrors this
paradigm shift. His tenure commenced with expanded
responsibilities in office management, a testament to his
adaptability and foresight.
With the impending shadow of the General Data Protection
Regulation (GDPR), Stuart recognized the need to fortify
their defenses and showcase a robust commitment to data
protection. The pursuit of ISO 27001 accreditation became
a strategic move, a bold statement affirming Blue Stream
Academy Ltd.'s dedication to safeguarding the integrity of
information.
In the pivotal year of 2017, he stepped into the role of
CISO, entrusted with the mission to establish and
coordinate an Information Security Management System
(ISMS). This system not only aligned with GDPR
requirements but also laid the groundwork for ISO 27001
certification. His leadership became instrumental in
navigating the complexities of compliance, ensuring that
the organization not only met regulatory standards but
surpassed them.
Below are the interview highlights:
Can you briefly describe your role as the Chief
Information Security Officer (CISO) at Blue Stream
Academy Ltd. and the primary responsibilities that
come with it?
As the CISO at Blue Stream Academy Ltd., my role centers
on safeguarding our information systems; my
responsibilities encompass developing and implementing a
comprehensive information security strategy that aligns
with both our business objectives and the stringent
regulatory demands of the healthcare industry. A key part of
my job is managing risks associated with information
security, which involves identifying potential threats,
assessing vulnerabilities, implementing appropriate
mitigation strategies, and ensuring compliance with ever-
evolving legal and regulatory standards.
I lead the response to any security incidents, collaborate
closely with various departments to ensure a unified
approach to information security, and regularly
communicate with senior management and stakeholders
about our security posture and initiatives.
I also oversee the selection and management of security
technologies and drive the development of cybersecurity
training and awareness programs for all employees.
Stuart Walsh, Chief Information Security Officer, Blue Stream Academy Ltd.
In your experience as a CISO, what do you consider the
most challenging aspect of ensuring information
security within a healthcare-focused organization?
The most challenging aspects of ensuring information
security within a healthcare-focused organization are
compliance and regulatory requirements.
The UK healthcare industry is obviously heavily regulated;
ensuring that our organization meets these requirements and
is aware of any changes in the law, the legal landscape, or
best practices in data protection, particularly in the post-
Brexit era, requires regular training and awareness
programs for all employees as well as continuous
monitoring and auditing of our data processing activities.
The burden of compliance can sometimes be
disproportionately heavy; as such, it is especially important
that I am able to foresee potential changes and ensure that
our organization remains proactive rather than reactive in
its compliance efforts and has the agility to adapt to changes
in a way that aligns with both our legal obligations and
operational realities.
How do you approach creating and implementing
information security policies to align with the unique
needs and regulations of healthcare organizations in the
UK?
Understanding the specific needs and challenges of
healthcare organizations is crucial when implementing
information security policies. Our approach to creating and
implementing these policies is a balanced mix of regulatory
compliance, risk management, adaptability, collaboration,
and education tailored to meet the specific needs of the UK
healthcare industry.
In terms of regulatory alignment, the UK’s legal landscape
for data protection and healthcare information security is
guided primarily by the General Data Protection Regulation
(GDPR), as incorporated into UK law post-Brexit, and the
Data Protection Act 2018. These regulations set the baseline
for our information security policies. To align our policies
with these regulations, we conduct a thorough analysis of
our data processing activities, assessing how data is
collected, stored, used, and shared. This helps in identifying
and mitigating risks and ensuring compliance with data
protection principles.
Another key aspect is ensuring that our policies are not
static; the healthcare sector and its regulatory environment
are dynamic, with evolving challenges and legal
requirements. Therefore, our policies are designed to be
flexible and adaptable, with regular reviews and updates to
reflect changes in technology, threats, and regulations.
Collaboration with healthcare organizations, stakeholder
engagement, training, and awareness are also integral to our
policy implementation.
Can you share an example of a significant security
challenge you've faced in your role and how you
successfully mitigated the risk while maintaining
operational efficiency?
One of the most significant security challenges I have faced
in my role as CISO, especially during the COVID-19
pandemic, was the rapid transition to remote work. This
shift posed a unique set of risks, particularly for our
organization, which provides online training and HR
management platforms to healthcare organizations in the
UK, where data sensitivity and privacy are paramount.
The primary challenge was ensuring that our employees
could work from home securely without compromising the
confidentiality, integrity, and availability of the sensitive
data we handle. The risks were multifaceted, including
increased vulnerability to cyberattacks, potential data
breaches, and the challenge of maintaining compliance with
stringent healthcare data protection regulations in a remote
environment.
Mitigating these issues required enhanced VPN security, the
securing of home networks, increased endpoint protection,
improved data access controls, additional training, auditing
and monitoring, and adaptation of our business continuity
planning.
By implementing these measures, we were able to
successfully mitigate the risks associated with remote work
during the COVID-19 pandemic. Our team remained
productive and efficient, and we ensured that the sensitive
data we handled remained secure, maintaining the trust of
our clients in the healthcare sector. This experience also
provided valuable insights and preparedness strategies that
have strengthened our overall information security posture.
With the constantly evolving landscape of cybersecurity
threats, how do you stay informed about the latest
trends and technologies to ensure Blue Stream
Academy's information security measures remain
robust?
Staying informed of the rapidly evolving landscape of
cybersecurity threats is a critical aspect of my role as CISO.
In an industry as sensitive as healthcare, it's imperative that
our security measures are not just current but also forward-
looking, which involves continuous learning and research,
engagement with cybersecurity communities, attending
conferences, exhibitions, and workshops, maintaining
supplier relationships and industry partnerships,
vulnerability assessments, and incident reviews.
Considering the sensitivity of healthcare data, how do
you ensure compliance with relevant data protection
laws, such as GDPR, and maintain a high standard of
data privacy?
Our approach to compliance with data protection laws and
maintaining data privacy involves a blend of ongoing legal
understanding, risk management, policy implementation,
staff training, technical safeguards, vendor compliance,
incident preparedness, and transparent communication with
data subjects. A thorough and continuously updated
understanding of GDPR and other relevant regulations is
essential; we conduct regular risk assessments and Data
Protection Impact Assessments (DPIAs) to identify and
mitigate potential risks in our data processing activities,
aligning with GDPR's proactive risk management
requirements.
We have established robust data protection policies and
procedures, which are regularly reviewed and updated to
ensure compliance with legal requirements.
Employee training and awareness are key; we regularly
educate our staff on GDPR requirements, data breach
recognition and reporting, and best practices in data
handling to minimize human error-related breaches.
Technical and organizational measures, such as encryption,
access controls, and regular security audits, are
implemented and continually revised to safeguard data.
Vendor management is also crucial, ensuring that our
partners comply with the same data protection standards
through due diligence and contractual agreements.
Finally, transparency with data subjects about their data
usage, rights, and exercise of these rights is a critical aspect
of our strategy, ensuring clear communication and
maintaining trust.
As the digital world continues to evolve at a breakneck pace,
the question on everyone's mind is: how do we protect
ourselves in this ever-expanding cyber landscape? In the
quest for answers, we turn our spotlight on Tariq Al-Shareef,
a luminary in the field of cybersecurity whose journey is not
just a career but a commitment to fortifying the digital
realm.
Tariq's journey started when he graduated from the
esteemed King Fahd University of Petroleum and Minerals
with a degree in electrical engineering. He went to the
National Information Center for his first professional
experience, where he became well-versed in the complex
field of information technology. He had no idea that this
first action would set off a series of events that would
transform the cybersecurity landscape forever.
The turning point came when Tariq transitioned to the
dynamic field of cybersecurity, specifically as an Incident
Response Analyst. This early exposure not only honed his
skills but also laid the groundwork for his subsequent roles.
His invaluable contributions as an Incident Response
Consultant at SITE were instrumental in addressing
national cyberattacks in Saudi Arabia, showcasing his
prowess in the ever-evolving battlefield of cybersecurity.
Tariq's trajectory further unfolded in the financial sector,
where he collaborated with ENBD, leaving an indelible
mark on the industry. His exceptional skills and strategic
acumen paved the way for his current role as the Chief
Information Security Officer (CISO) at SiFi. In this
influential position, he stands as a guardian of digital
fortresses, navigating the complex landscape of
cybersecurity and steering strategies to safeguard vital
information.
Cybersecurity Visionary and Global Contributor:
Safeguarding Saudi Arabia’s Cyber Frontlines
Let’s delve into the tale of a lifelong learner and advocate
for secure technological advancements!
Could you please tell us about SiFi and its inception
story?
SiFi was founded by His Excellency Ahmed Alhakbani with
the vision of revolutionizing enterprise financial
management in the Kingdom. SiFi offers a comprehensive
suite of solutions that address the key challenges of
enterprise finance management, empowering enterprises to
grow and thrive.
Tariq Al-Shareef
Chief Information Security Officer
SiFi
What are the key challenges that organizations face in
terms of information security today and how do you
address them in your role as a CISO?
The cybersecurity landscape presents a formidable array of
challenges, each with its own unique complexities and
varying degrees of severity depending on the organization’s
industry and size. These challenges have fueled a global
market worth an estimated 150 billion USD in 2021 as
organizations worldwide strive to fortify their digital
defenses against the ever-evolving threat landscape. While
cybersecurity challenges manifest in diverse forms, certain
issues transcend individual organizations, demanding a
coordinated response at the national level. One such issue is
the global shortage of skilled cybersecurity professionals,
while another is the escalating cost of cybersecurity
services and solutions.
As a CISO and cybersecurity expert, my paramount
responsibility is to empower the organization to thrive
while adhering to the applicable regulatory framework and
ensuring the protection of information assets against cyber
threats. This entails a comprehensive approach to
identifying, prioritizing, and mitigating cybersecurity risks,
ensuring that these risks are effectively communicated to
the executive management team. The overarching challenge
I face lies in striking a delicate balance between compliance
and risk reduction without unduly straining the
organization’s resources.
How do you ensure the confidentiality, integrity, and
availability of sensitive data within your organization?
As a CISO in the financial industry, I am mandated to
adhere to all applicable regulatory frameworks and industry
standards. These frameworks and standards are intended to
safeguard the confidentiality, integrity, and availability
(CIA) of our organization’s data and systems. It is my duty
to ensure that all CIA controls are implemented, effective,
and measured, and that comprehensive cybersecurity
hygiene is adopted, as well as to translate cyber risks into
a language that is well understood by the board.
What strategies do you employ to stay updated with the
latest security threats and emerging technologies?
Cybersecurity is a rapidly evolving field, with new
technologies and threats emerging at a rapid pace. This can
make it difficult to stay up-to-date and maintain a
comprehensive understanding of the threat landscape.
However, several steps can be taken to maintain awareness
of the latest developments in cybersecurity. One step is to
read periodic reports published by cybersecurity companies
and to follow new cybersecurity research.
Additionally, reading cybersecurity blogs, following
cybersecurity experts on social media, and connecting with
field experts can provide valuable insights into the latest
threats and trends. Finally, participating in cybersecurity
conferences can offer an opportunity to learn about new
technologies and trends, as well as to network with other
cybersecurity professionals.
Can you provide an example of a successful security
incident response you have managed? How did you
handle the situation, and what measures did you take to
mitigate the impact?
While I’m constrained from discussing specific incidents
from my previous and current roles, I can share that I have
extensive experience as a digital forensic and incident
response consultant. In this capacity, I have assisted
numerous clients in effectively responding to cyber
breaches and remediating the damage caused by these
attacks.
A common shortcoming observed during my experience is
the absence of adequate monitoring on affected servers.
This lack of visibility leaves critical systems vulnerable to
undetected intrusions and potential data breaches.
Additionally, the failure to promptly apply patches for
known high-severity vulnerabilities creates exploitable
entry points for malicious actors. These vulnerabilities, if
left unaddressed, can serve as easy targets for attackers to
exploit, potentially compromising sensitive data and
disrupting operations. Furthermore, the lack of proper
network segmentation and duty segregation can amplify the
impact of breaches. By segmenting networks and
implementing clear segregation of duties, organizations can
limit the scope of potential damage and minimize the
spread of unauthorized access.
How do you approach building a strong security culture
within the organization and what steps do you take to
ensure that all employees are aware of their roles and
responsibilities in maintaining information security?
Creating a strong cybersecurity culture in an organization is
a top-down endeavor. The CISO must ensure that the board
of directors and executive management are fully committed
to cybersecurity, as this is essential for employee adoption.
Once this commitment is made, awareness programs should
be established to educate employees about the threats posed
by cyberattacks. This will help to create a culture of
awareness and preparedness, which is essential for
implementing and maintaining the best cybersecurity
practices.
In your opinion, what are the most essential security
controls that every organization should have in place?
Many accredited standards identify the essential
cybersecurity controls based on the industry. In Saudi
Arabia, the National Cybersecurity Authority has developed
the Essential Cybersecurity Controls, which outline the
fundamental controls that organizations must implement.
Due to their limited resources, I believe that SMEs should
prioritize security controls that reduce the attack surface
and protect against automated attacks. This includes
implementing a vulnerability management program,
deploying essential security controls such as firewalls as
well as web application firewalls, and applying best
practices such as hardening standards and configuration.
Additionally, organizations should enforce endpoint
protection on all assets by implementing endpoint detection
and response (EDR) and advanced antivirus solutions to
protect against malware and ransomware.
How do you collaborate with other departments, such as
IT, legal, and compliance, to ensure a holistic approach
to information security?
The collaboration should be embedded in the organization’s
culture. Working in a startup, which is a high-caliber
environment, made this part easy for me. To make sure that
people work together well, it is important to have clear
rules and guidelines that explain everyone’s roles and
responsibilities. This will help to avoid confusion and make
sure that everyone is working towards the same goals.
It is also important to clearly explain tasks to each
department so that everyone knows what they need to do
and what the expected outcome is. This will help to avoid
misunderstandings and make sure that everyone is working
on the same page.
VIP 7001035870 Find & Meet Hyderabad Call Girls Film Nagar high-profile Call ...aditipandeya
 
Defining Marketing for the 21st Century,kotler
Defining Marketing for the 21st Century,kotlerDefining Marketing for the 21st Century,kotler
Defining Marketing for the 21st Century,kotlerAmirNasiruog
 
Brand experience Dream Center Peoria Presentation.pdf
Brand experience Dream Center Peoria Presentation.pdfBrand experience Dream Center Peoria Presentation.pdf
Brand experience Dream Center Peoria Presentation.pdftbatkhuu1
 
Uncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 ReportsUncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 ReportsVWO
 
BDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Moving beyond multi-touch attribution - DigiMarCon CanWest 2024
Moving beyond multi-touch attribution - DigiMarCon CanWest 2024Moving beyond multi-touch attribution - DigiMarCon CanWest 2024
Moving beyond multi-touch attribution - DigiMarCon CanWest 2024Richard Ingilby
 
BDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
How to utilize calculated properties in your HubSpot setups
How to utilize calculated properties in your HubSpot setupsHow to utilize calculated properties in your HubSpot setups
How to utilize calculated properties in your HubSpot setupsssuser4571da
 
Unraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptxUnraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptxelizabethella096
 
Instant Digital Issuance: An Overview With Critical First Touch Best Practices
Instant Digital Issuance: An Overview With Critical First Touch Best PracticesInstant Digital Issuance: An Overview With Critical First Touch Best Practices
Instant Digital Issuance: An Overview With Critical First Touch Best PracticesMedia Logic
 
Branding strategies of new company .pptx
Branding strategies of new company .pptxBranding strategies of new company .pptx
Branding strategies of new company .pptxVikasTiwari846641
 
Google 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best StrategiesGoogle 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best StrategiesSearch Engine Journal
 
How to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail SuccessHow to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail SuccessAggregage
 
Call Us ➥9654467111▻Call Girls In Delhi NCR
Call Us ➥9654467111▻Call Girls In Delhi NCRCall Us ➥9654467111▻Call Girls In Delhi NCR
Call Us ➥9654467111▻Call Girls In Delhi NCRSapana Sha
 

Recently uploaded (20)

Kraft Mac and Cheese campaign presentation
Kraft Mac and Cheese campaign presentationKraft Mac and Cheese campaign presentation
Kraft Mac and Cheese campaign presentation
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Film Nagar high-profile Call ...
VIP 7001035870 Find & Meet Hyderabad Call Girls Film Nagar high-profile Call ...VIP 7001035870 Find & Meet Hyderabad Call Girls Film Nagar high-profile Call ...
VIP 7001035870 Find & Meet Hyderabad Call Girls Film Nagar high-profile Call ...
 
Defining Marketing for the 21st Century,kotler
Defining Marketing for the 21st Century,kotlerDefining Marketing for the 21st Century,kotler
Defining Marketing for the 21st Century,kotler
 
Brand experience Dream Center Peoria Presentation.pdf
Brand experience Dream Center Peoria Presentation.pdfBrand experience Dream Center Peoria Presentation.pdf
Brand experience Dream Center Peoria Presentation.pdf
 
Uncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 ReportsUncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 Reports
 
BDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 150 Noida Escorts >༒8448380779 Escort Service
 
Creator Influencer Strategy Master Class - Corinne Rose Guirgis
Creator Influencer Strategy Master Class - Corinne Rose GuirgisCreator Influencer Strategy Master Class - Corinne Rose Guirgis
Creator Influencer Strategy Master Class - Corinne Rose Guirgis
 
Moving beyond multi-touch attribution - DigiMarCon CanWest 2024
Moving beyond multi-touch attribution - DigiMarCon CanWest 2024Moving beyond multi-touch attribution - DigiMarCon CanWest 2024
Moving beyond multi-touch attribution - DigiMarCon CanWest 2024
 
BDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 128 Noida Escorts >༒8448380779 Escort Service
 
Turn Digital Reputation Threats into Offense Tactics - Daniel Lemin
Turn Digital Reputation Threats into Offense Tactics - Daniel LeminTurn Digital Reputation Threats into Offense Tactics - Daniel Lemin
Turn Digital Reputation Threats into Offense Tactics - Daniel Lemin
 
How to utilize calculated properties in your HubSpot setups
How to utilize calculated properties in your HubSpot setupsHow to utilize calculated properties in your HubSpot setups
How to utilize calculated properties in your HubSpot setups
 
Unraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptxUnraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptx
 
Instant Digital Issuance: An Overview With Critical First Touch Best Practices
Instant Digital Issuance: An Overview With Critical First Touch Best PracticesInstant Digital Issuance: An Overview With Critical First Touch Best Practices
Instant Digital Issuance: An Overview With Critical First Touch Best Practices
 
The Future of Brands on LinkedIn - Alison Kaltman
The Future of Brands on LinkedIn - Alison KaltmanThe Future of Brands on LinkedIn - Alison Kaltman
The Future of Brands on LinkedIn - Alison Kaltman
 
Branding strategies of new company .pptx
Branding strategies of new company .pptxBranding strategies of new company .pptx
Branding strategies of new company .pptx
 
Foundation First - Why Your Website and Content Matters - David Pisarek
Foundation First - Why Your Website and Content Matters - David PisarekFoundation First - Why Your Website and Content Matters - David Pisarek
Foundation First - Why Your Website and Content Matters - David Pisarek
 
BUY GMAIL ACCOUNTS PVA USA IP INDIAN IP GMAIL
BUY GMAIL ACCOUNTS PVA USA IP INDIAN IP GMAILBUY GMAIL ACCOUNTS PVA USA IP INDIAN IP GMAIL
BUY GMAIL ACCOUNTS PVA USA IP INDIAN IP GMAIL
 
Google 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best StrategiesGoogle 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
 
How to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail SuccessHow to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail Success
 
Call Us ➥9654467111▻Call Girls In Delhi NCR
Call Us ➥9654467111▻Call Girls In Delhi NCRCall Us ➥9654467111▻Call Girls In Delhi NCR
Call Us ➥9654467111▻Call Girls In Delhi NCR
 

The Most Influential CISOs Of The Year 2024.pdf

  • 4. The Cost of Convenience in Cyberspace is Eternal Vigilance Against Compromise Our world is more linked than it has ever been, and there is an incredible quantity of data and information available online. Although there is no denying that this interconnection has led to amazing developments and conveniences, it has also exposed us to fluctuations and new hazards. The growing advancement of technology has made cyber attacks inevitable, thus making it imperative for both individuals and corporations to prioritize cybersecurity as a critical business requirement. Consequently, the digitalization of our daily lives has not only revolutionized the way we work and communicate but has also given rise to an expanding global cyber threat landscape. No technology or piece of information connected to the internet is immune to potential breaches. As our dependence on technology grows, so does the sophistication of cyber threats, ranging from malware and phishing attacks to ransomware and sophisticated hacking techniques. The field of cybersecurity is expanding swiftly, making it somewhat challenging to stay up to date with all the newest advancements and approaches. Recognizing this challenge,
  • 5. The CIO World brings an edition titled “The Most Influential CISOs of the Year 2024,” showcasing leaders in cybersecurity who have proven to be exceptionally skilled at addressing the convoluted and perpetually shifting discipline of cybersecurity. These leaders act as role models, exhibiting not just their technological proficiency but also their strategic vision for protecting companies from cyberattacks. Have a good read ahead! CIO - Alaya Brown Managing Editor
  • 6. COVER STORY Engr. Harrison Nnaji Ph.D. Charting the Course for Cybersecurity Excellence
  • 7. James Tewes Transforming Businesses for Greater Value Sawan Joshi Guardian of Digital Frontiers Stuart Walsh Guardians of Data Integrity Metrics Every CISO Should Track Measuring Cybersecurity Effectiveness The Human Factor Addressing Insider Threats in Cybersecurity for CISOs Tariq Al-Shareef Cybersecurity Visionary and Global Contributor: Safeguarding Saudi Arabia’s Cyber Frontlines
  • 8. In the dynamic landscape of today’s digital age, safeguarding sensitive information and digital assets has remained a paramount concern. The escalation of cyber threats necessitates visionary leaders who possess a deep understanding of cybersecurity intricacies along with the strategic foresight to pave the way for excellence. Meet Dr. Engr. Harrison Nnaji, a distinguished professional with an impressive array of qualifications, including four Master’s degrees, a Ph.D., and an extensive list of certifications: CCISO, CISM, CEH, CCNP, CCSP, CISSP, MoR, and TOGAF9. With over 17 years of experience, he has earned a reputation as a trailblazer in the fields of cyber, data, and information security. His journey has been marked by consistent successes in steering organizations towards resilient security measures while optimizing resources for maximum impact. Harrison isn’t just known for his cybersecurity expertise; he’s a prominent figure who generously shares his wealth of knowledge without reservation, particularly in areas such as: Empowering Organizations with Strategic Vision and Unyielding Security! The Most Influential CISOs of the Year 2024
  • 9. Dr. Harrison Nnaji Group Chief Information Security Officer FirstBank of Nigeria Ltd. & its Subsidiaries
  • 10. Leadership: Harrison’s leadership skills are evident in his ability to guide teams and foster unity, not just in securing systems but in bringing diverse groups together towards achieving common goals. Motivation: His commitment to excellence, evident in his pursuit of continuous professional development, serves as motivation for those around him. He also regularly shares motivational nuggets across different channels to keep his followership engaged, coached, and guided. Career Success: With a track record of transforming challenges into opportunities, Harrison has consistently delivered year-over-year improvements in key metrics, cementing his role as a transformational force. Entrepreneurship: His strategic acumen goes beyond traditional roles, as he has demonstrated an entrepreneurial spirit in his ability to engineer, design, and deliver security solutions that transcend industry boundaries. Harrison Nnaji is the Group Chief Information Security Officer (CISO) at FirstBank Nigeria Ltd. and its Subsidiaries, where his influence extends far beyond his formal title. Holding a degree in Electrical and Electronics Engineering, a Master’s in Project Management, an M.Phil. in Management, an M.Sc. in Security Management, and another M.Sc. in Cyber Security majoring in Cloud Security, he possesses a formidable skill set, knowledge, and experience. His unwavering commitment to ethical standards and integrity is evident in every facet of his work. Harrison’s legacy is built on his ability to seamlessly engineer, design, and deliver security solutions that transcend industry boundaries. His expertise in internetworking, IT governance, infrastructure architectures, people management, emerging technologies, strategy formulation and execution, and IT delivery management has been instrumental in fostering holistic improvements in the cybersecurity landscape.
A diplomatic virtuoso, Harrison’s natural affinity for building relationships, persuading stakeholders, and fostering consensus sets him apart as a leader who not only secures systems but unites teams. His journey thrives in a fast-paced, multicultural, and multilingual arena, where challenges fuel his growth, and his dedication to continual professional development is palpable in every endeavor. Under his leadership, the work done with all stakeholders to harmonize emerging technologies and secure computing practices has been nothing short of exemplary. His ability to turn challenges into opportunities has led to remarkable year-over-year improvements in key metrics. His pursuit of excellence remains unwavering, ensuring that loyalty, productivity, and profitability are constant companions on his journey. These achievements have earned Harrison Nnaji the title of “The Most Influential CISO of the Year 2024,” an award bestowed by The CIO World, a prestigious global magazine dedicated to sharing the inspiring and transformative stories of professionals and leading businesses worldwide. Below are the highlights of the interview: Unleashing Strategic Vision: Harrison Nnaji’s Impact on Today’s Security, Tomorrow’s Possibilities Harrison Nnaji is an accomplished Data and Information Security Strategist & Practitioner with 17+ years of solid experience in the conception, engineering, design, delivery, operation, and optimization of cyber, data, and information security, risk management, networking, IT operations, and project management. He has achieved repeated successes in leading cybersecurity strategies and secure computing practices with both emerging and established technologies/processes, achieving maximum operational impact with minimum resource expenditure across diverse industries, including Banking, Telecommunications, Distribution, Original Equipment Manufacturers (OEMs), and Service Integration.
His proficiency extends to areas such as internetworking, contract management, IT governance and processes, IT portfolio management, infrastructure architectures, and IT delivery management. Harrison possesses strong diplomatic skills, a natural affinity for cultivating relationships, and a talent for persuading, facilitating, and building consensus among diverse individuals, all with an undiluted focus on prime objectives. Thriving in a fast-paced, multicultural, multilingual, and multifaceted arena, Harrison embraces challenges as opportunities for continual professional growth. He is currently completing another Ph.D. in Offensive Cyber Engineering to deepen his knowledge of the continuous changes in the cyber threat landscape and the impact of emerging technologies. Harrison’s diverse capabilities translate to immediate value while upholding prevailing ethics and standards for integrity, dedication, teamwork, productivity, profitability, and excellence.
  • 11. Visionary: From Engineering to Cybersecurity Leadership Prior to his academic pursuits, Harrison embarked on a career in Nigeria, fulfilling his national youth service requirements. He gained valuable experience working for Telnet, a premier IT systems organization in the country, where he served as an IT Support Engineer. This role fueled his passion for information technology and allowed him to witness various IT interactions, interventions, and troubleshooting processes. Taking advantage of this opportunity, Harrison began to develop his skills in IT alongside his engineering background. He obtained the Cisco Certified Network Associate certification even before completing the national youth service program. Impressed by his performance, Telnet Nigeria Ltd. decided to retain his services as a Network Support Engineer, and he continued working for the company after completing his national youth service. Within Telnet, Harrison expanded his knowledge in information technology, focusing on networking and network technologies at a subsidiary called iTECO. He thereafter joined a new company, Reddington Nigeria Ltd, a VAD (Value Added Distributor), as the Cisco Pre-sales Engineer. This opportunity exposed him to sales, marketing, contract closure, partner management, and contract management, which significantly enhanced his customer engagement, people management skills, and business acumen. During his time with Reddington Nigeria, where he worked on various projects and prospects, Harrison received another career opportunity to join Airtel Nigeria Ltd., a telecommunications company, as an IT Security Specialist, shifting his focus from networking to security. This role exposed him to the Airtel Group’s practices and further expanded his experience in the telecommunications industry. He began working for IBM in 2011 as a manager of infrastructure and network security.
He took on responsibility for networking and security components while supporting multiple projects at IBM. Driven by his will to improve his abilities, experiences, and knowledge as well as his willingness to take on new responsibilities for more value creation, Harrison's career kept developing.
  • 12. This drive led him to pursue a Master’s Degree in Project Management, enabling him to contribute more effectively to major regional projects at IBM. In pursuit of his passion for organizational transformation and digitalization, Harrison seized an opportunity to join UBA Plc – a major Pan African Bank, as the pioneer Head of their Enterprise Security Division. During his tenure, he focused on building security standards and architecture and implementing measures to mitigate cyber-attacks and fraud. His expertise in technology management, practices, and regulations played a crucial role in driving UBA’s digital and cyber defense transformation. As his career progressed, Harrison continued to acquire knowledge, experiences, and skills to stay ahead. He pursued additional master’s degrees, this time focusing on security, management and cloud technologies. Recognizing the potential of cloud adoption, he delved into cloud security and cloud technology to ensure well-informed decision-making. Driven by a desire to remain a transformational leader, he pursued a Ph.D. in Management, Leadership, and Organizational Strategy at Walden University. This advanced degree equipped him with the necessary tools to drive organizational transformation and maximize opportunities for value creation at scale. Transforming Individuals and Organizations Many challenges have been encountered and addressed in college, leading to personal transformation for numerous individuals. Harrison has played a role in transforming those who work with him. Additionally, he has spoken at various regional, local, and global conferences, even participating in major conferences as a speaker, panelist, or moderator. However, the focus remains on acquiring sufficient relevant knowledge and understanding of the terrain and potential threats to effectively mitigate cyber risks and related threats while maximally promoting and protecting the business aspirations. 
In terms of cybersecurity and its associated concerns, Harrison offers unique selling propositions, precautionary measures, and comprehensive systems to ensure the protection of both customers and clients. Harrison championed the development of intricate systems, architectures, and strategies to continue serving all customers with minimal exposure to risks. Records show that necessary steps are being taken to safeguard the customers and maintain their satisfaction. Harrison’s Guide to Navigating Cyber Risks In the world of managing cyber risks, Harrison is a leading expert. He wants us to know that dealing with cyber risks is an ongoing journey, not a one-time project. He knows a lot about this topic and makes it easy to understand. Harrison says that cyber risks are not just about a company’s reputation. They are about protecting important assets, adopting sound practices, and defending effectively against cyber threats. To make a good plan for cyber risks, he says you need to know what your business is about. This will improve the chances of finding and protecting important assets like systems, people, contracts, ideas, and partnerships. Harrison also talks about how even if you use products and services without knowing who made them, you still need to keep them safe by applying your personal cyber hygiene practices. He doesn’t only talk about cyber risks. He also talks about other problems like fraud and weak systems. When something goes wrong, he has ideas on how to fix it. He talks about using a technique called heat mapping to understand the state of the ecosystem, categorize the issues, and understand what to fix first. He also wants companies to plan for the short, medium, and long term to keep getting better. Harrison says we shouldn’t ignore old problems when we face new ones. Every vulnerability should be tracked until closure is validated.
Most importantly, he wants us to know that dealing with cyber risks is always changing and challenging. We need to pay attention and be ready to protect our businesses consistently and continuously. Understanding Business and Cybersecurity Harrison knows a lot about how business and cybersecurity work together. He says each business is different, so their cybersecurity plans and practices should be too. Harrison talks about different ways businesses work, like people working from home, on their phones, or pursuing different business aspirations. He says we need to hire the right people and be careful, and that we should have good practices and follow them.
  • 13. Technology is a big part of cybersecurity, and he knows it. He wants us to protect things like computers, networks, and data centers. We need to be careful with data and control who can access it. Training is important. People need to know what to do to stay safe. And when something bad happens, we need a plan to fix it. We also need to talk to the public if something goes wrong. Hiring other companies to help when necessary is advisable, but we need to make sure they fit our business and keep control in-house, says Harrison. Making a Big Impact Harrison has proven himself to be a valuable asset to both individuals and businesses, bringing a lot of practical benefits. His impact is evident in various aspects of life. Moreover, through his extensive LinkedIn network, he generously shares his valuable knowledge with the community, engaging in events and collaborations. His involvement in cybersecurity rule-making groups highlights his commitment to the industry’s growth. Harrison earned the title of “CISO of the Year” in a certain region of Africa, a fact he keeps humble and private. His intelligence shines through in real-life scenarios, such as thwarting cyber-attacks originating from different countries. His actions are driven by importance rather than awards, underscoring his genuine nature. Harrison’s top advice involves thorough planning and continuous learning. He’s adept at setting ambitious objectives and gleaning insights from them. His aspiration is for people to be well-prepared for fresh opportunities and the challenges they bring. Great Advice from Harrison Harrison frequently gets asked about becoming a Chief Information Security Officer (CISO). He stresses the significance of acquiring the right skills and being open to continuous learning. According to him, it’s essential not to solely focus on the job title. Instead, he recommends gaining a strong grasp of cybersecurity, especially in the realm of infotech.
This broader knowledge equips individuals to handle various tasks, not just one. Harrison advises creating a skill checklist and working on acquiring those skills. This approach enhances capabilities and overall job performance. In addition, he discusses the benefits of setting up a personal home lab. He sees this not only as a practical endeavor but also as a means of continuous learning. He believes that ongoing education is crucial for personal improvement and knowledge enrichment. His concepts carry substantial value and extend aid to numerous individuals and businesses. Dedicated Pursuit of Personal and Professional Excellence: A Glimpse of Harrison’s Achievements Throughout his journey of personal and career growth, Harrison has dedicated himself to a diverse range of courses that have enriched his knowledge and skill set. These courses span across various domains, each contributing to his expertise and commitment to continuous improvement:
1. Accounting & Finance
2. Business Economics
3. Computer Application/Information Technology
4. Contract Law
5. Cost Management
6. Design Management
7. Development Economics
8. Effective Presentation and Communication Skills
9. Human & Industrial Relations
10. Industrial & Labour Law
11. Nature & Content of Project Management
12. Negotiation
  • 14. Hiring the right individuals and conducting thorough background checks are crucial cybersecurity measures. Insider risks pose a considerable threat, and organizations must be cautious about who they bring into their teams.
  • 15.
13. Organisational Behaviour
14. Procurement Methods
15. Quantitative Methods & Simulations Studies
16. Resource Management
17. Research Methodology and Project Report
18. Time Management
These comprehensive courses not only showcase Harrison’s commitment to learning but also his determination to excel in various facets of the ever-evolving fields of technology, management, and cybersecurity. Honors and Awards – Harrison’s drive for excellence hasn’t gone unnoticed, as he has received multiple honors and awards for his contributions and achievements:
• 9 Commendation Letters for Various Exceptional Contributions Towards the achievement of the Bank’s Business Aspirations, issued by UBA PLC.
• IBM Manager’s Choice Award, issued by IBM · Dec 2013
• Award for Excellent Service Delivery, issued by Hamid Husain, Chief Information Officer, ZAIN Nigeria · Jan 2009
• Award for Excellent Service Delivery, issued by John Ayo, Chief Information Officer, Celtel Nigeria Ltd. · Mar 2008
• CISO of the Year Award - Finnovex West Africa Awards, 2022
• FirstBank Hero Award - FirstBank Annual Merit Awards, FAMA 2020, 2022
These accolades reflect not only his dedication but also his tangible impact on the organizations he has been a part of. Harrison’s journey is characterized by a relentless pursuit of knowledge, an unwavering commitment to excellence, and a profound impact on the organizations he has served. His achievements, both in terms of educational pursuits and professional recognition, stand as a testament to his passion and determination in the fields of technology, cybersecurity, and management. There are many more highlights on Harrison Nnaji’s LinkedIn profile. Testimonials from Professionals who have worked with Engr. Harrison Nnaji, Ph.D. Jacxine Fernandez - VP of Information Security at Bangalore International Airport Ltd.: “I had the privilege of working closely with Harrison during the West Africa IT LAN Zoning project for Airtel.
Harrison’s attention to detail, technical expertise, and exceptional project management skills were instrumental in the project’s success. He not only troubleshot effectively but also sought continuous improvement, demonstrating his commitment to excellence. Harrison’s well-rounded professionalism makes him an asset to any organization.” Uchechukwu Ngonebu - Project Director at Huawei: “Having worked with Harrison, I can confidently say he’s a highly detailed professional, particularly in Network & IT Security Management. His deep knowledge of inter-network platforms is a significant asset to any company he collaborates with.” Fred Ekete - Lead, Quality Assurance and Tools at Airtel Nigeria: “Throughout my interactions with Harrison over the past 7 years, I have found him to be transparent, diligent, and honest, and his integrity is commendable. I wouldn’t hesitate to recommend him to any organization that values these qualities.” Sunny Birdi - Entrepreneur: “Harrison’s dedication during the IBM/Airtel partnership was exceptional. He demonstrated a multi-skilled and forward-thinking approach, effectively managing both internal and external stakeholders. His business acumen and leadership skills are highly commendable. Harrison is undoubtedly a 5-star player, and I wholeheartedly recommend him.”
Embracing the Joy of Turning Around Struggling Ventures and Constantly Striving for Improvement!

Think about a time when you faced a formidable challenge. Did you not emerge from that experience stronger, wiser, and more resilient? Challenges have an incredible capacity to foster personal growth. They compel us to delve into our inner resources, tap into our creativity, and discover strengths we might not have known existed.

"Can a business truly thrive without facing and overcoming challenges? Is there joy in smooth sailing, or is it in the storm that we discover our true capabilities?" These are the questions that resonate with James Tewes, a seasoned professional whose passion lies not in the comfort of well-established enterprises but in the thrill of turning the tides for struggling businesses. As the Chief Information Security Officer at Greengage, he embodies the spirit of transformation. He shares, "I often honestly have found enjoyment in all the sectors that I have worked in, but it must involve a challenge. Coming into a business that is already working and functioning well does not interest me."

For him, the allure lies in the prospect of revitalizing a struggling enterprise, whether it's addressing aging infrastructure, modernizing security measures after an audit reveals vulnerabilities, or even building a business from the ground up. The heart of James's professional satisfaction lies in the process of turning a business around and adding substantial value. "What makes me happy and gives me the reason to get up and work is when I can turn a business around and add considerable value," he emphasizes. Never content with merely meeting the requirements, he is known for seeking opportunities to enhance both himself and the projects he undertakes. His approach is structured and methodical, and it goes beyond the ordinary. "I have never been someone who was happy simply to do what was needed and no more.
I would always look for ways to improve both myself and the project or environment that I am working on," he notes.

Constantly refreshing his skills and delving deep into the products he works with, James exemplifies a commitment to excellence and a relentless pursuit of improvement. His journey at Greengage is not just about securing information; it's about fortifying businesses, navigating challenges, and turning adversity into triumph. In the world of business alchemy, he is the maestro orchestrating the transformation of challenges into opportunities.

The Most Influential CISOs of the Year 2024, January 2024, www.thecioworld.com

Below are the interview highlights:

Could you please elaborate on Greengage and its inception story?

Greengage is a digital finance pioneer that provides a platform of relationship-based e-money account services to SMEs, high-net-worth individuals, and digital asset firms to the highest ethical, secure, and compliance standards. Alongside our account services, we provide clients access
to a B2B lending platform offering digital sources of money. Our tailored services are delivered by people, empowered by technology. Greengage was founded in 2018, and we now have over 30 staff and excellent client feedback. We embrace new technology in digital assets and our core proposition as a means to add value to our clients in their day-to-day endeavors.

Through Founder’s Eyes: Sean Kiernan is the Founder and CEO of Greengage, and they set up the firm with a view to building a service-led organization to support our clients in navigating the bridge between traditional financial services and digital innovation. Sean has extensive experience in financial services, having worked in various executive management positions. He founded Greengage after working at the first bank in the world to offer crypto products to clients, Falcon Private Bank, where he served as the COO and interim CEO of the London operation until he left to establish Greengage. Prior to that, he held management positions at Clariden Leu, a division of Credit Suisse, and Zurich Financial Services. Mr. Kiernan has an MBA from the University of St. Gallen and a BSc from Georgetown University.

Can you summarize your 28 years of experience in infrastructure and cybersecurity, emphasizing key achievements?

Throughout my career, which began at the age of 17, I've had the privilege of working for esteemed companies and collaborating with exceptional colleagues on exciting and challenging projects. Notably, a few milestones include:

London 2012 Olympics and Paralympics: Working on this project was a unique privilege. The high visibility and pressure during this global event required quick learning and problem-solving. I identified and resolved environmental issues promptly, ensuring a smooth operation of the infrastructure during the live games, which had a global viewership exceeding 3 billion.
The project involved managing over 10,000 servers and workstations and 8,000 users, spanning static core infrastructure and dynamic event locations. Teams worked around the clock, addressing critical changes and fixes during the live games and executing planned changes at night to prepare for the following day's events.

British Petroleum (BP): At BP, a significant achievement was contributing to the data center consolidation project. This involved building primary and secondary data centers in London and decommissioning all European data centers. My role in building the initial core server infrastructure facilitated the migration of approximately 40,000 servers, significantly reducing the physical server footprint through virtualization.

Harrods Bank: Initially hired as a consultant for infrastructure refresh, I played a crucial role in understanding and migrating legacy systems. Working in the complex environment of the banking sector, I contributed to scaling up the bank's staff and systems, witnessing a 400% increase in size. My focus on security remained paramount throughout, ensuring a seamless migration and ultimately leading to the bank's sale to a challenger bank.

Sonali Bank: After joining as a security consultant, I addressed gaps highlighted in an external cybersecurity audit. Implementing the necessary security layers significantly improved the bank's security posture. Taking over the IT department, I crafted an 18-month roadmap, modernizing the infrastructure and leaving the bank in an enhanced and secure state.

In each role, my commitment to learning, problem-solving, and prioritizing security has been central to achieving successful outcomes.
Among the financial, Oil & Gas, Sports, Manufacturing, and Government sectors, which presented the most unique challenges, and how did you address them?

In the financial sector, I've experienced challenges that are particularly daunting due to the intricate technologies and customized nature of products. Security measures must be meticulously implemented to protect the environment and clients, while strict adherence to regulations is paramount. Successfully overcoming these challenges hinges on a profound understanding of products, configurations, and security measures at the granular level. Thorough planning and end-to-end testing, including robust rollback plans, are essential. Involving banking teams in testing is critical, as relying solely on IT can lead to significant oversights. Testing must cover all possible scenarios, accounting for the varying activities banks conduct hourly, daily, weekly, and monthly. Failure to test comprehensively can result in seemingly successful upgrades that reveal issues days or weeks later. In the financial industry, any failure in upgrades or system changes can lead to substantial financial and customer repercussions, causing severe reputational damage to the business. Major outages are often attributed to inadequate testing and a failure to test rollback procedures thoroughly.

Can you share an example of effectively communicating a complex technical issue to stakeholders at different business levels?

In my experience, effective communication within a business requires tailoring your message to the audience's varying levels of understanding. Particularly in IT, where technical proficiency can differ widely, it's crucial to focus on the business impact, necessary actions for resolution, and the implications of inaction. By emphasizing these aspects and presenting with confidence, I've noticed increased buy-in from the business.
It's essential to avoid overly technical discussions, as executives may disengage, leading to resistance against proposed changes. For instance, in a scenario involving a financial institution, I needed to upgrade and replace key payment gateways to enhance resilience. Despite initial doubts from my direct management about securing funding, I successfully engaged with the bank's leadership. I provided a high-level rationale for the work, offering a straightforward technical overview that resonated with all levels of understanding. This approach proved successful in obtaining the required funding and steering the project to completion.

Can you highlight a successful implementation of a cybersecurity solution that significantly improved an organization's security posture?

Working at Sonali Bank UK, I prioritized implementing a comprehensive MDR (Managed Detection and Response) solution as a vital defense measure. For smaller banks like ours, MDR covers essential components like a 24x7 SOC, SIEM, Vulnerability Scanning, Cloud Posture Management, and Endpoint management. Limited resources often expose smaller banks to vulnerabilities, making continuous monitoring crucial. In the financial sector, risk awareness isn't a 9-5 affair; it demands 24x7 vigilance. Any claim of complete security is unrealistic. As a CISO, honesty about potential threats is vital, and taking proactive steps to safeguard both the bank's and clients' data is paramount.

In your role, collaboration with third-party support and suppliers is crucial. How do you ensure effective partnerships and smooth integration with external entities?

Effective collaboration hinges on adeptly managing partnerships and workflows, a task contingent on the involved companies. Employing skilled project managers significantly influences workflow and change management. Establishing centralized communication points among companies is pivotal to ensuring prompt and efficient work execution.
Collaborating with proficient, communicative, and adaptive companies enhances the overall experience. However, encountering less cooperative entities poses challenges, impeding progress in implementations, changes, and bug fixes. The judicious choice of tracking tools proves vital for monitoring extensive workflows and task statuses and preemptively addressing potential issues, facilitating collaborative problem-solving and timely resolution.

Reflecting on your career, what accomplishment or project are you most proud of, and how did it positively impact the businesses you worked with?

I would say my current role as CISO of Greengage is one of my proudest. While I have enjoyed many projects at various companies, at Greengage we were in the fortunate position of building a financial institution environment from the ground up. This is a great challenge: having the ability to design the most optimal architecture using the most appropriate products for all infrastructure and security layers, rather than what often happens traditionally: inheriting the chosen products by historic teams, which may not be the right products for their purpose. This enabled the business to successfully go live with its e-money offering and start onboarding its customers, which was a proud moment for the business and proves what can be achieved with the hard work of all the teams.
Metrics Every CISO Should Track

"The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards."

In the ever-evolving landscape of cybersecurity, where threats loom large and technology advances at a rapid pace, this quote from Gene Spafford resonates with a certain irony. Absolute security is unattainable, but that does not make cybersecurity efforts futile. It means the real question is how effective the defenses are, and that question can only be answered by measuring. How do we evaluate the efficacy of our cybersecurity measures? Which metrics provide meaningful insight into our defenses? This article looks at how cybersecurity effectiveness can be measured so that resilience and response improve where the numbers show they are weakest.

Understanding Cybersecurity Effectiveness

At the heart of any robust cybersecurity strategy is the fundamental question: how effective are our security measures? Cyber threats are dynamic and multifaceted, ranging from sophisticated malware and phishing attacks to zero-day vulnerabilities. In this environment a proactive and adaptable approach is necessary, and that is where measuring cybersecurity effectiveness becomes imperative.

Effectiveness in cybersecurity is not a one-size-fits-all concept. It has several dimensions: prevention, detection, response, and recovery. The goal is not only to prevent breaches but also to minimize the impact when preventive measures fall short, which calls for a layered defense that combines technology, policies, and user awareness. The metrics below map onto those dimensions: detection and response times for detection and response, patching time and endpoint protection for prevention, and the phishing and training figures for the human layer.

Key Metrics for Measuring Cybersecurity Effectiveness

Incident Detection Time
• Metric: Mean Time to Detect (MTTD)
• Significance: MTTD is the average time from the moment a security incident begins to the moment it is identified. A lower MTTD indicates a more efficient detection process and enables quicker responses to potential threats. One caveat when computing it: the start of an incident is rarely known when the alert fires; it comes from forensic reconstruction (the first malicious login, the first beacon). Incidents whose start could not be established should be excluded or reported separately rather than counted as zero, or the metric flatters itself.

Incident Response Time
• Metric: Mean Time to Respond (MTTR)
• Significance: MTTR is the average time from detection to containment of a security incident. A swift response is crucial for minimizing the impact of a breach and preventing further damage. Fix the end point (containment, not full recovery) and keep it consistent across incidents, and look at the distribution as well as the mean, because one long-running incident can dominate an average.

False Positive Rate
• Metric: Percentage of False Positives
• Significance: The share of alerts that triage shows to be benign. Detection is essential, but too many false positives overwhelm security teams and lead to alert fatigue. A lower false-positive rate indicates more accurate threat detection and lets teams focus on genuine risks. Track it per detection rule as well as overall: the overall figure tells you there is a problem, the per-rule figure tells you which rule to tune.

Vulnerability Patching Time
• Metric: Time to Patch Vulnerabilities
• Significance: Timely patching closes potential entry points for attackers. Measure from the moment the organization learns of a vulnerability (advisory or scan result) to the deployment of the fix, report it by severity, and include still-open vulnerabilities at their current age so that a backlog cannot vanish from the average simply by never being closed.

Phishing Resilience
• Metric: Phishing Click Rate
• Significance: Phishing remains a common entry point for cybercriminals. The rate at which users click links in simulated phishing messages shows how effective awareness training and the overall security culture are. The report rate, the share of users who report the message, is worth tracking alongside it, since reporting is the behavior that gives the security team early warning.

User Education Effectiveness
• Metric: Training Completion Rates
• Significance: Educating users on cybersecurity best practices is essential, and completion rates show whether the program is reaching everyone. They show that training was delivered, not that behavior changed, so pair them with a behavioral measure such as the phishing click rate above.

Endpoint Protection
• Metric: Endpoint Detection and Response (EDR) Effectiveness
• Significance: Endpoints are frequent targets. Evaluating how well the EDR solution detects and responds to threats at the endpoint, including the share of endpoints that actually have the agent installed and reporting, provides a crucial layer of security.

Challenges in Measuring Cybersecurity Effectiveness

Despite the importance of these metrics, measuring cybersecurity effectiveness comes with its own challenges. The dynamic nature of cyber threats, the evolving technology landscape, and the increasing sophistication of attackers make it hard to establish static benchmarks. The interconnectedness of systems and the sheer volume of data generated make it difficult to discern meaningful patterns.

Moreover, the intangible nature of successful cyber attacks, particularly those that were prevented, complicates the assessment. How does one measure the absence of a breach? It requires a shift in mindset from counting successful attacks to evaluating how effective the proactive measures are at thwarting potential threats.

A Comprehensive Approach to Cybersecurity Effectiveness

To address these challenges, organizations must adopt a comprehensive approach to measuring cybersecurity effectiveness: integrating quantitative metrics with qualitative assessments, leveraging technology, and fostering a culture of continuous improvement.
• Risk-Based Metrics: Develop metrics that align with the organization's risk appetite. Focus on measuring the effectiveness of the controls that directly mitigate high-impact risks.
• Continuous Monitoring: Implement continuous monitoring to track security metrics in real time. This allows immediate responses to emerging threats and gives a more accurate picture of the current security posture.
• Red Team Exercises: Conduct regular red team exercises that simulate real-world attack scenarios. They test preventive and responsive measures in a controlled setting, and they are also the most honest way to measure detection: an exercise the SOC never noticed is a data point no dashboard will produce on its own.
• Collaborative Threat Intelligence: Share information and threat intelligence with industry peers. This collective approach improves the ability to identify and respond to emerging threats.
• Security Awareness and Training: Invest in ongoing security awareness and training programs, and measure their impact on user behavior and on the security culture of the organization.

Conclusion

Metrics are valuable indicators, but they should not be the sole focus. Cybersecurity effectiveness is a holistic concept in which people, processes, and technology work in tandem. Metrics provide quantifiable insight; qualitative assessments, adaptive strategies, and a commitment to continuous improvement are equally essential. As Gene Spafford's quote suggests, absolute security may be unattainable, but the journey toward it is marked by resilience, adaptability, and a commitment to staying one step ahead of an ever-evolving threat landscape. By measuring cybersecurity effectiveness, organizations not only safeguard their digital assets but also fortify their ability to thrive in an interconnected and unpredictable cyberspace.

- Alaya Brown
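As an added example (not part of the article above and not from any vendor tool), the following Python computes the detection, response, false positive and patching metrics the article defines, from constructed incident, alert and vulnerability records; the record layout, rule names, identifiers and dates are assumptions made for the example. It also carries two of the caveats into code: incidents with no established start time are left out of MTTD rather than counted as zero, and still-open vulnerabilities are counted at their current age.

```python
"""Metrics from the article over constructed records (example code added here,
not from any vendor tool; the record layout and dates are assumptions)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass
class Incident:
    name: str
    occurred: Optional[datetime]  # when the compromise began, from forensics; None if never established
    detected: datetime            # first alert or report
    contained: datetime           # mitigation complete


@dataclass
class Alert:
    rule: str
    true_positive: bool           # analyst disposition after triage


@dataclass
class Vulnerability:
    vuln_id: str
    known: datetime               # when the organisation learned of it (advisory or scan)
    patched: Optional[datetime]   # None while still open
    severity: str


def _hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600.0


def mean_time_to_detect(incidents):
    """MTTD in hours, occurrence to detection. Incidents whose start time was
    never established are skipped, not counted as zero."""
    deltas = [_hours(i.detected - i.occurred) for i in incidents if i.occurred is not None]
    return mean(deltas) if deltas else None


def mean_time_to_respond(incidents):
    """MTTR in hours, detection to containment."""
    deltas = [_hours(i.contained - i.detected) for i in incidents]
    return mean(deltas) if deltas else None


def false_positive_rate(alerts):
    """Fraction of triaged alerts that turned out to be benign."""
    return sum(1 for a in alerts if not a.true_positive) / len(alerts) if alerts else None


def false_positive_rate_by_rule(alerts):
    """Same metric per detection rule: this is what tells you which rule to tune."""
    groups = {}
    for a in alerts:
        groups.setdefault(a.rule, []).append(a)
    return {rule: false_positive_rate(group) for rule, group in groups.items()}


def mean_time_to_patch(vulns, as_of, severity=None):
    """Mean days from learning of a vulnerability to deploying the fix. Open
    vulnerabilities count at their age as of `as_of`, so a backlog cannot hide."""
    ages = []
    for v in vulns:
        if severity is not None and v.severity != severity:
            continue
        end = v.patched if v.patched is not None else as_of
        ages.append((end - v.known).total_seconds() / 86400.0)
    return mean(ages) if ages else None


def sample_report():
    """Constructed sample data (not real incidents) run through the metrics above."""
    t0 = datetime(2024, 1, 8, 9, 0)
    incidents = [
        Incident("phished-credentials", t0, t0 + timedelta(hours=6), t0 + timedelta(hours=10)),
        Incident("laptop-malware", t0, t0 + timedelta(hours=2), t0 + timedelta(hours=5)),
        # start never established: contributes to MTTR only
        Incident("exposed-bucket", None, t0 + timedelta(days=1), t0 + timedelta(days=1, hours=1)),
    ]
    alerts = [
        Alert("impossible-travel", True), Alert("impossible-travel", False),
        Alert("impossible-travel", False), Alert("new-admin-account", True),
        Alert("new-admin-account", True),
    ]
    vulns = [
        Vulnerability("VULN-001", t0, t0 + timedelta(days=3), "critical"),
        Vulnerability("VULN-002", t0, None, "critical"),  # still open at as_of
        Vulnerability("VULN-003", t0 + timedelta(days=10), t0 + timedelta(days=12), "high"),
    ]
    as_of = t0 + timedelta(days=30)
    return {
        "mttd_hours": mean_time_to_detect(incidents),
        "mttr_hours": mean_time_to_respond(incidents),
        "fp_rate": false_positive_rate(alerts),
        "fp_rate_by_rule": false_positive_rate_by_rule(alerts),
        "mttp_days_all": mean_time_to_patch(vulns, as_of),
        "mttp_days_critical": mean_time_to_patch(vulns, as_of, severity="critical"),
    }


if __name__ == "__main__":
    for name, value in sample_report().items():
        print(f"{name}: {value}")
```

Running the module prints the report for the constructed data. Note how the two design choices change the picture: the open critical vulnerability alone pulls the critical mean time to patch from 3 days to 16.5, and the overall false positive rate of 40% hides that one rule is wrong two times out of three while the other has no false positives at all.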
Championing Privacy, Inspiring Change, and Nurturing the Future!

In a world dominated by Gen Z, where our lives are increasingly lived online, from social media interactions to online purchases, each digital engagement contributes to what has come to be known as our "digital footprint." This footprint is essentially a trail of personal data points that collectively paint a vivid picture of who we are, what we like, and how we navigate the digital landscape. While this information can be harnessed for targeted advertising or improved user experiences, it also raises concerns about the extent to which individuals have control over their own data.

Sawan Joshi emerges as a stalwart defender, donning the mantle of Chief Information Security Officer at Mitiga Solutions & The Privacy Business Group Ltd. Sawan's journey into information security was not just a career choice; it was a calling fueled by a profound sense of responsibility. Inspired by the digitization of data, he recognized the transformative power of technology in shaping our lives. At the same time, he was drawn into the industry by the alarming surge in cybercrime, each case a stark reminder of the vulnerabilities of our interconnected world.

Given a stage to speak about protecting people, Sawan's message is clear and concise. In a world where data is both the lifeblood of progress and the target of malicious intent, he advocates for a collective responsibility to safeguard privacy. As the CISO, his mission extends beyond securing data; it's about empowering individuals to take well-informed actions in their roles as guardians of digital sanctuaries.

Behind the title of Chief Information Security Officer lies the role that truly defines Sawan: being a father. As a parent to quadruplet children, he draws inspiration from their innocence and envisions a future where digital landscapes are resilient and secure.
For him, the responsibility of protecting not just his own family but the global digital community adds depth and urgency to his mission. Sawan Joshi is not just safeguarding the present; he's architecting a resilient future. His role extends beyond the corporate corridors to the heart of family life. By instilling the importance of privacy and security in his children, he's shaping a generation that understands the value of digital trust and the significance of safeguarding data.
In an age where information is power, Sawan's advocacy for privacy and security becomes not just a professional responsibility but a profound commitment to the well-being of individuals and generations to come.

Below are the interview highlights:

Could you please brief us about Mitiga Solutions and its inception story?

Founded in 2018, Mitiga Solutions is a science-based climate risk intelligence company that helps organizations understand their exposure to climate risk to make well-informed decisions and protect their assets.

Can you share your journey in the fields of information security, IT operations, and data protection, highlighting key milestones in your 15-year career?

Over the past 15 years, we have seen many acquisitions, mergers, and even divestitures, and my career has been loaded with this topic. With over 10 acquisitions under my belt, I supported my employers with complex scenarios where global offices are in scope and provided solutions from technological capabilities that have come from highly available private and public clouds and the way replication solutions can allow for data integrity and collaboration. It was important to provide agile and adaptive solutions during these initiatives.

Some key highlights during my career were building information security and operations for London Luton Airport, a highly regulated essential services provider that needed a balanced blend of internal and external security that not only protected digital systems but also provided monetization opportunities through physical security technologies inside the airport facilities.

Over the years, I leveraged the opportunity to network at the board level. This level of communication was a very exciting area for me, as it built my own career confidence through the validation it received.
I would always bring well-prepared information to a meeting to validate having a place at such meetings, and it was important that I knew it so well that I could articulate it in that meeting to keep stakeholder interest. This always meant keeping the focus on why my points mattered in the first place.

During my role at First Port Ltd., which is the UK's largest property management company and now a global organization that has set out to grow by acquisition at a rapid pace, protecting the executive leadership team's interests was vital, as was ensuring impartial facts reached
the board. To do that, strategic alignment was key, and to ensure that as we completed these acquisitions, the risks that were taken on by the acquired company were going to be managed with trusted eyes and that clear sight of what they were was shared before closing the investment. To do that, I created a repeatable acquisition capability that could be applied each time, which led to success in my role, and new risks were processed into the security roadmap. To do that, ensuring technologies that can scale with simplicity was vital, as was having the internal and external people on board to make it happen. I have often found that it is not the size of the team but the capability of the team that counts most.

To sum up, some highlights of my data protection experience are not sector-specific. As I grew my experience and continued to top up my knowledge, which is constantly part of the territory, I was able to tailor and adapt it to any organization type once I understood the business and what applied to them first. This has become my personal repeatable strategy, which has now been applied to an airport, a global sports retail company, the UK's number one charity for dogs, multiple financial services companies, and now 2 climate tech companies. These have become adventures I love to tell my network and specifically my children as they grow up and begin to understand that working for who you want is going to have a better chance of happening if you empower yourself with a career strengthened by knowledge, and if you know it well, you can explain it well.

In your current role as the Chief Information Security Officer at Mitiga Solutions, what strategic initiatives have you implemented to enhance information security within the organization?

The time to act against the risks our world faces from climate change is now; it cannot be an afterthought, and within the public and private sectors, we have an opportunity to take steps that make an impact now.
It all starts with taking a 360-degree look at all prospects and what matters to them. This means customers, partners, and investors now and in the future. Building a strategic roadmap along with laws and regulations that are within scope and will build trust in the supply chain is essential. I articulate a roadmap like this as protection around people, platforms, and processes that can provide balanced protection of assets and support revenue generation through independent validations. These are how we make sure we can be relied on to score highly in trust scores with our privacy-by-default design business architecture.

In these pillars, what that would look like is to ensure we put a layered defense around people to ensure we protect their identity with multiple factors, plus the additional layers that include anomaly detection for those sign-ins, such as impossible travel metrics and user behavior analytics to detect deviations from normal interactions and data manipulations. Additionally, on platforms, it is vital to implement a clear, transparent view of all these activities once an identity has been validated to ensure trust, but verification is constant and any adverse interactions and activities across platforms are quickly identified so we can take response actions.
The third pillar is to build robust capabilities around processes through top-down governance and ensure we have data protection compliance and business continuity, with disaster recovery baked right in. That is how you become breach-ready so that an adverse incident becomes an operational metric to track and continuously improve on and not a business-hindering aftermath. This does not mean going out and purchasing all the latest security technologies that cover the acronyms that are constantly evolving as buzzwords in the broad offerings of many solution providers, but this means ensuring financial stewardship is at the heart of a roadmap like this and that investments are of low complexity and cost, thus achieving understandable security by design. As a business leader, that is important.

At The Privacy Business Group Ltd., how did you contribute to the development of privacy strategies? What were the key challenges you faced in this role, and what is TriStep.io?

As I found my approach to applying privacy and security strategies to any sector successful, I realized I wanted to apply this to more companies and reflected on my experience with large enterprises vs. the challenges startups face as they try to do business with large enterprises. I wanted to take my experience from both sides into making those public and private business partnerships simpler to put together, trustable by validation, and successful in their ability to last. That is when I decided to form The Privacy Business Group Ltd., but my goal was not to focus on traditional advisory services.
Today, not many organizations want a 5-year plan sold to them in an interview; they want objectives and key results measured quarterly, and I want to bring the capability to help organizations have a low-level touch from an advisory and to easily gain access to software that is not only low-cost but will give a 3-step plan to risk and sustainability frameworks that will help them mind their own posture. That is why I founded TriStep.io, which is a risk and sustainability framework platform that will be available for everyone in January 2024.

Could you share insights into the significance of the certifications you obtained?

These qualifications offer very relevant future-proof value and offer a complex path to obtain them, which is part of the achievement; after all, the easy options are never the most valuable. The qualifications from IAPP, ISC2, and ISACA offer continuous professional development systems to keep the certification valid for a fee, and participation keeps continuous learning on track and your initial investment in place. It is important to know the operating cost of achieving and maintaining certifications when deciding how much to work for in salary or self-employment and to take that into account when running your own career. My view is that no employer should run your career; it is important to drive that yourself.
Addressing Insider Threats in Cybersecurity for CISOs

The greatest danger to our cybersecurity often lurks within our own walls. How can CISOs effectively address insider threats and safeguard their organizations?

Cybersecurity has become a cornerstone in protecting organizations from an ever-expanding array of threats. While external threats like hackers and malware often grab the headlines, the significance of insider threats cannot be overstated. Insiders, whether intentionally malicious or unwittingly negligent, pose a substantial risk to an organization's sensitive data and digital infrastructure, because they already hold valid credentials and legitimate access; the perimeter controls built to keep outsiders out do not apply to them. For Chief Information Security Officers (CISOs), the challenge lies in securing the organization from within.

Understanding Insider Threats

Insider threats take various forms, from employees with malicious intent seeking financial gain or revenge to well-meaning staff who inadvertently compromise security through negligence. A 2021 Insider Threat Report found that 68% of organizations feel vulnerable to insider attacks. This underscores the urgency for CISOs to adopt a comprehensive approach to this multifaceted challenge.

The first step in tackling insider threats is acknowledging that they exist. No organization is immune, regardless of size or industry. As a CISO, it is imperative to cultivate a culture of cybersecurity awareness and foster an environment where employees understand the risks associated with their actions.

Building a Culture of Cybersecurity Awareness

How can you expect your employees to safeguard your organization if they don't understand the value of the information they're protecting? Creating a culture of cybersecurity awareness starts with education. Regular training sessions and workshops keep employees informed about the latest threats, including the potential impact of insider threats.
This education should extend beyond the IT department to reach all levels of the organization. When everyone understands the risks, they are more likely to actively contribute to the organization's cybersecurity efforts.

Additionally, implementing strong access controls and monitoring mechanisms is essential. Limiting access to sensitive information on a need-to-know basis reduces the likelihood of unauthorized or unintentional data exposure. Regularly reviewing and updating access permissions, especially when employees change roles or leave the organization, is crucial to maintaining a secure environment.

Implementing User Behavior Analytics

It's not just about what people do, but how they do it. Understanding user behavior is key to detecting potential insider threats before they escalate.

User Behavior Analytics (UBA) plays a pivotal role in identifying anomalous activities that may indicate insider threats. By establishing a baseline of normal user behavior, security systems can detect deviations that may signal a potential security risk. For example, sudden access to sensitive data by an employee who has never accessed it before or irregular login times can trigger alerts for further investigation.
The Human Factor
CISOs should leverage advanced technologies, such as machine learning algorithms, to enhance the accuracy of UBA. These technologies can analyze vast amounts of data and detect patterns that may elude traditional security measures. Investing in UBA not only strengthens an organization's defenses but also allows for more proactive threat mitigation.

Monitoring Privileged Users

With great power comes great responsibility, and privileged users are no exception. Monitoring their activities is a critical aspect of insider threat prevention.

Privileged users, such as system administrators and executives, have elevated access levels that make them potential targets or unwitting conduits for insider threats. CISOs must implement robust monitoring systems to track the activities of privileged users, ensuring that their actions align with their roles and responsibilities.

Regular audits and reviews of privileged user access logs can reveal any suspicious behavior or unauthorized access. This proactive approach enables CISOs to intervene promptly and mitigate potential threats before they escalate. Moreover, it sends a clear message that all users, regardless of their position, are subject to scrutiny to maintain a secure environment.

Establishing a Whistleblower Program

Sometimes, the most valuable insights come from within. Encourage employees to speak up if they notice anything amiss.

A whistleblower program provides employees with a confidential channel to report suspicious activities without fear of reprisal. CISOs should work in collaboration with HR and legal teams to establish a robust and anonymous reporting mechanism. This encourages a sense of shared responsibility for cybersecurity and can be an invaluable source of early detection for insider threats.

To ensure the effectiveness of the whistleblower program, it's essential to communicate its existence clearly and regularly.
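The UBA baseline and the privileged-user log review described above, as an added example that is not part of the original article: it learns each user's usual resources and login hours from a week of constructed access records, flags the two signals the text names (first-time access to sensitive data, logins at irregular hours), and separates out privileged users' actions for periodic audit. The log format, the "hr/" and "infra/" sensitivity prefixes and the one-hour tolerance are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Constructed sample records (not real data): ISO timestamp, user, role,
# resource path, action. Entries before the cutoff form the learning
# window; entries on or after it are the day being checked.
SAMPLE_LOG = """\
2024-01-08T09:12:00 alice user hr/payroll read
2024-01-08T10:05:00 bob user sales/leads read
2024-01-09T09:30:00 alice user hr/payroll read
2024-01-09T11:10:00 bob user sales/leads write
2024-01-10T09:45:00 alice user hr/benefits read
2024-01-10T14:20:00 carol admin infra/servers login
2024-01-11T09:00:00 carol admin infra/servers write
2024-01-12T10:15:00 bob user sales/leads read
2024-01-15T02:47:00 bob user hr/payroll read
2024-01-15T09:20:00 alice user hr/payroll read
2024-01-15T23:30:00 carol admin infra/servers write
"""

SENSITIVE_PREFIXES = ("hr/", "infra/")   # assumed classification
PRIVILEGED_ROLES = {"admin"}             # assumed role name
HOUR_SLACK = 1                           # hours of drift tolerated

Event = Dict[str, object]
Alert = Tuple[str, str, str]             # (user, signal, detail)


def parse_log(text: str) -> List[Event]:
    """Turn the space-separated records into event dicts."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, resource, action = line.split()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "role": role, "resource": resource, "action": action})
    return events


class Baseline:
    """Per-user normal behaviour: resources touched and login hours seen."""
    def __init__(self) -> None:
        self.resources: Dict[str, Set[str]] = defaultdict(set)
        self.hours: Dict[str, Set[int]] = defaultdict(set)


def build_baseline(events: List[Event], cutoff: datetime) -> Baseline:
    base = Baseline()
    for ev in events:
        if ev["time"] < cutoff:
            base.resources[ev["user"]].add(ev["resource"])
            base.hours[ev["user"]].add(ev["time"].hour)
    return base


def _hour_distance(a: int, b: int) -> int:
    """Circular distance on a 24-hour clock so 23:00 and 00:00 are close."""
    d = abs(a - b)
    return min(d, 24 - d)


def detect_anomalies(base: Baseline, events: List[Event],
                     cutoff: datetime) -> List[Alert]:
    alerts: List[Alert] = []
    for ev in events:
        if ev["time"] < cutoff:
            continue
        user, resource = ev["user"], ev["resource"]
        # Signal 1: sensitive data the user has never touched before.
        if resource.startswith(SENSITIVE_PREFIXES) and \
                resource not in base.resources.get(user, set()):
            alerts.append((user, "first_sensitive_access", resource))
        # Signal 2: activity far from every hour seen in the baseline.
        # A user with no baseline cannot be judged, so no alert is raised.
        known = base.hours.get(user, set())
        hour = ev["time"].hour
        if known and all(_hour_distance(hour, h) > HOUR_SLACK for h in known):
            alerts.append((user, "irregular_hour", ev["time"].isoformat()))
    return alerts


def privileged_activity(events: List[Event], cutoff: datetime) -> List[Event]:
    """Everything privileged users did in the review window, for audit."""
    return [ev for ev in events
            if ev["role"] in PRIVILEGED_ROLES and ev["time"] >= cutoff]


def run_review(log_text: str, cutoff_iso: str) -> Dict[str, list]:
    events = parse_log(log_text)
    cutoff = datetime.fromisoformat(cutoff_iso)
    base = build_baseline(events, cutoff)
    return {"alerts": detect_anomalies(base, events, cutoff),
            "privileged": privileged_activity(events, cutoff)}


if __name__ == "__main__":
    report = run_review(SAMPLE_LOG, "2024-01-15")
    for alert in report["alerts"]:
        print("ALERT", *alert)
    for ev in report["privileged"]:
        print("PRIV-REVIEW", ev["user"], ev["time"], ev["resource"], ev["action"])
```

On the sample data bob's 02:47 read of hr/payroll raises both signals and carol's late write is queued for privileged review; alice's routine morning access raises nothing.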
Employees should be informed about the importance of reporting any concerns promptly, emphasizing that their contributions play a crucial role in safeguarding the organization.

Responding to Insider Threat Incidents

Prevention is ideal, but preparation is imperative. Having a well-defined incident response plan is essential when addressing insider threats.

No cybersecurity strategy is foolproof, and insider threats may still occur despite the best preventive measures. CISOs must have a well-defined incident response plan in place to mitigate the impact of a potential breach swiftly.

The incident response plan should outline clear procedures for identifying, containing, and eradicating insider threats. This includes collaboration with the legal and HR teams to handle potential legal and personnel issues. Regularly testing and updating the incident response plan ensures its effectiveness when faced with the dynamic nature of insider threats.

Conclusion

In the realm of cybersecurity, the real challenge often lies not in the complexity of technology but in understanding human behavior. CISOs must address insider threats with a combination of technological solutions, cultural initiatives, and proactive measures.

As CISOs navigate the ever-evolving landscape of cybersecurity, addressing insider threats should remain a top priority. By building a culture of cybersecurity awareness, implementing advanced technologies like UBA, monitoring privileged users, establishing whistleblower programs, and having a robust incident response plan, CISOs can strengthen their organizations from within. The journey towards a more secure future begins by recognizing that the greatest threats may be those working within our own walls, and the key to success lies in a proactive and holistic approach to cybersecurity.

- Alaya Brown
A Journey of Compliance, Innovation, and ISO 27001 Certification in Healthcare Cybersecurity!

Is your data safe? A question echoing through the corridors of the digital age resonates with a sense of urgency and responsibility. In a world where information is the lifeblood of industries, it's crucial to have guardians at the helm. Meet Stuart Walsh, the vigilant guardian of digital fortresses, currently serving as the Chief Information Security Officer (CISO) at Blue Stream Academy Ltd.

Stuart's journey from a website designer to CISO reflects the evolving landscape of cybersecurity. As organizations, especially in sensitive sectors like healthcare, grapple with the escalating significance of data, Stuart's story mirrors this paradigm shift. His tenure commenced with expanded responsibilities in office management, a testament to his adaptability and foresight. With the impending shadow of the General Data Protection Regulation (GDPR), Stuart recognized the need to fortify their defenses and showcase a robust commitment to data protection. The pursuit of ISO 27001 accreditation became a strategic move, a bold statement affirming Blue Stream Academy Ltd.'s dedication to safeguarding the integrity of information.

In the pivotal year of 2017, he stepped into the role of CISO, entrusted with the mission to establish and coordinate an Information Security Management System (ISMS). This system not only aligned with GDPR requirements but also laid the groundwork for ISO 27001 certification. His leadership became instrumental in navigating the complexities of compliance, ensuring that the organization not only met regulatory standards but surpassed them.

Below are the interview highlights:

Can you briefly describe your role as the Chief Information Security Officer (CISO) at Blue Stream Academy Ltd. and the primary responsibilities that come with it?
As the CISO at Blue Stream Academy Ltd., my role centers on safeguarding our information systems; my responsibilities encompass developing and implementing a comprehensive information security strategy that aligns with both our business objectives and the stringent regulatory demands of the healthcare industry. A key part of my job is managing risks associated with information security, which involves identifying potential threats, assessing vulnerabilities, implementing appropriate mitigation strategies, and ensuring compliance with ever-evolving legal and regulatory standards.

I lead the response to any security incidents, collaborate closely with various departments to ensure a unified approach to information security, and regularly communicate with senior management and stakeholders about our security posture and initiatives. I also oversee the selection and management of security technologies and drive the development of cybersecurity training and awareness programs for all employees.
Stuart Walsh
Chief Information Security Officer
Blue Stream Academy Ltd.
The Most Influential CISOs of the Year 2024
In your experience as a CISO, what do you consider the most challenging aspect of ensuring information security within a healthcare-focused organization?

The most challenging aspects of ensuring information security within a healthcare-focused organization are compliance and regulatory requirements. The UK healthcare industry is obviously heavily regulated; ensuring that our organization meets these requirements and is aware of any changes in the law, the legal landscape, or best practices in data protection, particularly in the post-Brexit era, requires regular training and awareness programs for all employees as well as continuous monitoring and auditing of our data processing activities.

The burden of compliance can sometimes be disproportionately heavy; as such, it is especially important that I am able to foresee potential changes and ensure that our organization remains proactive rather than reactive in its compliance efforts and has the agility to adapt to changes in a way that aligns with both our legal obligations and operational realities.

How do you approach creating and implementing information security policies to align with the unique needs and regulations of healthcare organizations in the UK?

Understanding the specific needs and challenges of healthcare organizations is crucial when implementing information security policies. Our approach to creating and implementing these policies is a balanced mix of regulatory compliance, risk management, adaptability, collaboration, and education tailored to meet the specific needs of the UK healthcare industry.

In terms of regulatory alignment, the UK's legal landscape for data protection and healthcare information security is guided primarily by the General Data Protection Regulation (GDPR), as incorporated into UK law post-Brexit, and the Data Protection Act 2018. These regulations set the baseline for our information security policies.
To align our policies with these regulations, we conduct a thorough analysis of our data processing activities, assessing how data is collected, stored, used, and shared. This helps in identifying and mitigating risks and ensuring compliance with data protection principles.

Another key aspect is ensuring that our policies are not static; the healthcare sector and its regulatory environment are dynamic, with evolving challenges and legal requirements. Therefore, our policies are designed to be flexible and adaptable, with regular reviews and updates to reflect changes in technology, threats, and regulations. Collaboration with healthcare organizations, stakeholder engagement, training, and awareness are also integral to our policy implementation.

Can you share an example of a significant security challenge you've faced in your role and how you successfully mitigated the risk while maintaining operational efficiency?

One of the most significant security challenges I have faced in my role as CISO, especially during the COVID-19 pandemic, was the rapid transition to remote work. This shift posed a unique set of risks, particularly for our organization, which provides online training and HR management platforms to healthcare organizations in the UK, where data sensitivity and privacy are paramount.

The primary challenge was ensuring that our employees could work from home securely without compromising the confidentiality, integrity, and availability of the sensitive data we handle. The risks were multifaceted, including increased vulnerability to cyberattacks, potential data breaches, and the challenge of maintaining compliance with stringent healthcare data protection regulations in a remote environment.
Mitigating these issues required enhanced VPN security, the securing of home networks, increased endpoint protection, improved data access controls, additional training, auditing and monitoring, and adaptation of our business continuity planning.

By implementing these measures, we were able to successfully mitigate the risks associated with remote work during the COVID-19 pandemic. Our team remained productive and efficient, and we ensured that the sensitive data we handled remained secure, maintaining the trust of our clients in the healthcare sector. This experience also provided valuable insights and preparedness strategies that have strengthened our overall information security posture.

With the constantly evolving landscape of cybersecurity threats, how do you stay informed about the latest trends and technologies to ensure Blue Stream Academy's information security measures remain robust?

Staying informed of the rapidly evolving landscape of cybersecurity threats is a critical aspect of my role as CISO. In an industry as sensitive as healthcare, it's imperative that our security measures are not just current but also forward-looking, which involves continuous learning and research, engagement with cybersecurity communities, attending conferences, exhibitions, and workshops, maintaining supplier relationships and industry partnerships, vulnerability assessments, and incident reviews.

Considering the sensitivity of healthcare data, how do you ensure compliance with relevant data protection laws, such as GDPR, and maintain a high standard of data privacy?

Our approach to compliance with data protection laws and maintaining data privacy involves a blend of ongoing legal understanding, risk management, policy implementation, staff training, technical safeguards, vendor compliance, incident preparedness, and transparent communication with data subjects.
A thorough and continuously updated understanding of GDPR and other relevant regulations is essential; we conduct regular risk assessments and Data Protection Impact Assessments (DPIAs) to identify and mitigate potential risks in our data processing activities, aligning with GDPR's proactive risk management requirements. We have established robust data protection policies and procedures, which are regularly reviewed and updated to ensure compliance with legal requirements.

Employee training and awareness are key; we regularly educate our staff on GDPR requirements, data breach recognition and reporting, and best practices in data handling to minimize human error-related breaches. Technical and organizational measures, such as encryption, access controls, and regular security audits, are implemented and continually revised to safeguard data. Vendor management is also crucial, ensuring that our partners comply with the same data protection standards through due diligence and contractual agreements.

Finally, transparency with data subjects about their data usage, rights, and exercise of these rights is a critical aspect of our strategy, ensuring clear communication and maintaining trust.
Cybersecurity Visionary and Global Contributor: Safeguarding Saudi Arabia's Cyber Frontlines

As the digital world continues to evolve at a breakneck pace, the question on everyone's mind is, How do we protect ourselves in this ever-expanding cyber landscape? In the quest for answers, we turn our spotlight on Tariq Al-Shareef, a luminary in the field of cybersecurity whose journey is not just a career but a commitment to fortifying the digital realm.

Tariq's journey started when he graduated from the esteemed King Fahd University of Petroleum and Minerals with a degree in electrical engineering. He went to the National Information Center for his first professional experience, where he became well-versed in the complex field of information technology. He had no idea that this first action would set off a series of events that would transform the cybersecurity landscape forever.

The turning point came when Tariq transitioned to the dynamic field of cybersecurity, specifically as an Incident Response Analyst. This early exposure not only honed his skills but also laid the groundwork for his subsequent roles. His invaluable contributions as an Incident Response Consultant at SITE were instrumental in addressing national cyberattacks in Saudi Arabia, showcasing his prowess in the ever-evolving battlefield of cybersecurity.

Tariq's trajectory further unfolded in the financial sector, where he collaborated with ENBD, leaving an indelible mark on the industry. His exceptional skills and strategic acumen paved the way for his current role as the Chief Information Security Officer (CISO) at SiFi. In this influential position, he stands as a guardian of digital fortresses, navigating the complex landscape of cybersecurity and steering strategies to safeguard vital information.

Let's delve into the tale of a lifelong learner and advocate for secure technological advancements!

Could you please tell us about SiFi and its inception story?
SiFi was founded by His Excellency Ahmed Alhakbani with the vision of revolutionizing enterprise financial management in the Kingdom. SiFi offers a comprehensive suite of solutions that address the key challenges of enterprise finance management, empowering enterprises to grow and thrive.

What are the key challenges that organizations face in terms of information security today and how do you address them in your role as a CISO?

The cybersecurity landscape presents a formidable array of challenges, each with its own unique complexities and varying degrees of severity depending on the organization's industry and size. These challenges have fueled a global
Tariq Al-Shareef
Chief Information Security Officer
SiFi
The Most Influential CISOs of the Year 2024
market worth an estimated 150 billion USD in 2021 as organizations worldwide strive to fortify their digital defenses against the ever-evolving threat landscape. While cybersecurity challenges manifest in diverse forms, certain issues transcend individual organizations, demanding a coordinated response at the national level. One such issue is the global shortage of skilled cybersecurity professionals, while another is the escalating cost of cybersecurity services and solutions.

As a CISO and cybersecurity expert, my paramount responsibility is to empower the organization to thrive while adhering to the applicable regulatory framework and ensuring the protection of information assets against cyber threats. This entails a comprehensive approach to identifying, prioritizing, and mitigating cybersecurity risks, ensuring that these risks are effectively communicated to the executive management team. The overarching challenge I face lies in striking a delicate balance between compliance and risk reduction without unduly straining the organization's resources.

How do you ensure the confidentiality, integrity, and availability of sensitive data within your organization?

As a CISO in the financial industry, I am mandated to adhere to all applicable regulatory frameworks and industry standards. These frameworks and standards are intended to safeguard the confidentiality, integrity, and availability (CIA) of our organization's data and systems. It is my duty to ensure that all CIA controls are implemented, effective, and measured, that comprehensive cybersecurity hygiene is adopted, and that cyber risks are translated into a language that is well understood by the board.

What strategies do you employ to stay updated with the latest security threats and emerging technologies?

Cybersecurity is a rapidly evolving field, with new technologies and threats emerging at a rapid pace.
This can make it difficult to stay up-to-date and maintain a comprehensive understanding of the threat landscape. However, several steps can be taken to maintain awareness of the latest developments in cybersecurity. One step is to read periodic reports published by cybersecurity companies and to follow new cybersecurity research. Additionally, reading cybersecurity blogs, following cybersecurity experts on social media, and connecting with field experts can provide valuable insights into the latest
threats and trends. Finally, participating in cybersecurity conferences can offer an opportunity to learn about new technologies and trends, as well as to network with other cybersecurity professionals.

Can you provide an example of a successful security incident response you have managed? How did you handle the situation, and what measures did you take to mitigate the impact?

While I'm constrained from discussing specific incidents from my previous and current roles, I can share that I have extensive experience as a digital forensic and incident response consultant. In this capacity, I have assisted numerous clients in effectively responding to cyber breaches and remediating the damage caused by these attacks.

A common shortcoming observed during my experience is the absence of adequate monitoring on affected servers. This lack of visibility leaves critical systems vulnerable to undetected intrusions and potential data breaches. Additionally, the failure to promptly apply patches for known high-severity vulnerabilities creates exploitable entry points for malicious actors. These vulnerabilities, if left unaddressed, can serve as easy targets for attackers to exploit, potentially compromising sensitive data and disrupting operations.

Furthermore, the lack of proper network segmentation and duty segregation can amplify the impact of breaches. By segmenting networks and implementing clear segregation of duties, organizations can limit the scope of potential damage and minimize the spread of unauthorized access.

How do you approach building a strong security culture within the organization and what steps do you take to ensure that all employees are aware of their roles and responsibilities in maintaining information security?

Creating a strong cybersecurity culture in an organization is a top-down endeavor. The CISO must ensure that the board of directors and executive management are fully committed to cybersecurity, as this is essential for employee adoption.
Once this commitment is made, awareness programs should be established to educate employees about the threats posed by cyberattacks. This will help to create a culture of awareness and preparedness, which is essential for implementing and maintaining the best cybersecurity practices.

In your opinion, what are the most essential security controls that every organization should have in place?

Many accredited standards identify the essential cybersecurity controls based on the industry. In Saudi Arabia, the National Cybersecurity Authority has developed the Essential Cybersecurity Controls, which outline the fundamental controls that organizations must implement.

Due to their limited resources, I believe that SMEs should prioritize security controls that reduce the attack surface and protect against automated attacks. This includes implementing a vulnerability management program, deploying essential security controls such as firewalls as well as web application firewalls, and applying best practices such as hardening standards and configuration. Additionally, organizations should enforce endpoint protection on all assets by implementing endpoint detection and response (EDR) and advanced antivirus solutions to protect against malware and ransomware.

How do you collaborate with other departments, such as IT, legal, and compliance, to ensure a holistic approach to information security?

The collaboration should be embedded in the organization's culture. Working in a startup, which is a high-caliber environment, made this part easy for me. To make sure that people work together well, it is important to have clear rules and guidelines that explain everyone's roles and responsibilities. This will help to avoid confusion and make sure that everyone is working towards the same goals. It is also important to clearly explain tasks to each department so that everyone knows what they need to do and what the expected outcome is.
This will help to avoid misunderstandings and make sure that everyone is working on the same page.