Cybersecurity leaders gather at GovWare Focus
A meeting of hearts and minds for over 100 cybersecurity practitioners.
It was a meeting of hearts and minds for cybersecurity practitioners. Some even came from overseas.
On Monday, I noted that CISOs probably have the hardest job in the world.
One CISO even quipped that BSBH (Bao-Sau-Bao-Hai) is the "corporate" title for cybersecurity leaders.
A close-knit community
It can be a lonely journey and being part of a community can make all the difference in finding support and staying updated.
This probably explains the over 100 cybersecurity leaders who showed up for yesterday's GovWare Focus.
Here are some snippets from the rich presentations and panel discussions.
The evolving role of the CISO
Is the role of the CISO changing? Of course, panellists say.
- CISOs must engage stakeholders and users to help them understand why things are done. But CISOs cannot achieve this alone. They must connect across departments and work with their teams to represent them.
- CISOs walk a tightrope, noted one practitioner. They have to do a balancing act. And their balance must always be correct. If they stumble, they might fall. And when they fall, it can lead to civil or even criminal liabilities.
- Thought leadership not optional: Today, the board needs the help of CISOs to look ahead and advise on future variations of threats (and technologies) - and less so about the next shiny object to buy.
The modern threat actor
Threat actors aren't staying still either.
As noted by one presenter, they will attempt to get in by:
- Breaking in - Exploits, zero-days, malware.
- Logging in - Credential theft, account takeover.
- Paying the way in - Dark Web purchases, RaaS etc.
- Asking to be let in - Malicious insiders, social engineering.
No wonder CISOs are stressed!
Notable quotes
Here are some quotes that caught my attention. Can you identify with any of them?
- Comparison to insurance: "Every cent you spend on insurance is wasted when you are well. But once you fall sick, or anytime there is a cyber incident... even the millions spent is suddenly not enough."
- Cheap, good, and fast, please: "The buy side [customers] have very little budget; they want the best products, and they want it quickly."
- Phishing education is hard: "Our focus on phishing education has reduced phishing rates substantially. But it's still not zero. And our red teams had always gotten through." Ouch!
That's all for now.
In the meantime, do show some appreciation to your cybersecurity colleagues today!