Navigating the Cloud: Insights from CISOs on Leadership Challenges in Cloud-based Services

CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership

Introduction

In a recent edition of CISO Conversations, SecurityWeek sat down with Billy Spears, CISO at Teradata, and Lea Kissner, CISO at Lacework, to discuss their career journeys in cybersecurity and the evolving role of the CISO in cloud-based services. The conversation touched on topics such as the making of a leader, the balance between being a business leader and a technical leader, the challenges of building and retaining a strong security team, the importance of diversity, the issue of burnout, and the future threats in cybersecurity.

Getting Started and Progressing in Cybersecurity

Billy Spears and Lea Kissner found their way into cybersecurity through different paths. Spears stumbled into the field by accident, attracted by the opportunity to better protect and enable businesses while establishing trust. Kissner, on the other hand, started off in experimental robotics and eventually transitioned into cryptography, earning a PhD in the field. Both CISOs emphasized the importance of curiosity and of constantly learning and progressing in their careers.

The Making of a Leader

Both Spears and Kissner found that their leadership skills grew naturally as their roles expanded. Spears attributed his growth as a leader to his curiosity about data and his journey in learning how to protect it technically, while also weighing governance, risk, and compliance. For Kissner, leadership skills developed through taking on new projects and managing larger teams, always adhering to the rule of “don’t be a jerk.” Both CISOs highlighted the importance of trust and building strong relationships with the teams they lead.

Business Leader or Technical Leader

The role of the CISO has evolved over the years, with the understanding that security is not a standalone function but an integral part of the business. While both Spears and Kissner agreed that the CISO must have a strong technical background, they also emphasized the importance of being business-focused and having a good understanding of the company’s objectives and the relevant laws and regulations. Spears referred to himself as a technical business leader, highlighting the need to manage responsibilities in line with the company’s expectations and prevent risks from spiraling out of control.

Gathering and Keeping a Strong Security Team

Recruiting and retaining a strong security team is a major challenge for CISOs. Spears recommended being creative in recruitment efforts, looking for potential talent and mentoring them to become future managers and even CISOs in their own right. Kissner emphasized the importance of treating candidates with respect during the hiring process and creating an environment where people feel motivated and supported. Kissner also stressed the value of diversity in building a robust security team, as different perspectives help identify blind spots and better understand the problems of diverse user groups.

Diversity and Burnout

Both CISOs recognized the importance of diversity in building strong security teams. Spears highlighted the need for diverse perspectives to avoid blind spots, and Kissner gave examples of how diversity can contribute to solving complex problems, such as understanding the unique challenges faced by trans individuals in identity systems. However, achieving diversity also comes with the challenge of combating discrimination within and outside the team. Both CISOs emphasized the importance of fostering a culture of mutual respect and understanding. They also addressed the issue of burnout, which is a growing problem in cybersecurity. Spears attributed burnout to a poor working culture that fails to provide adequate resources and support, while Kissner emphasized the need for downtime and a healthy work-life balance.

Advice

Spears advised CISOs to trust other leaders and build strong relationships with their teams, acknowledging that this can be a difficult thing to do. Kissner advised individuals to seek promotion opportunities, as not seeking promotion reflects poorly on the organization. She also cautioned against relying too heavily on metrics when making security decisions, as they can be misleading and fail to capture the complexity and variability of threats.

Future Threats

Both Spears and Kissner agreed that future threats in cybersecurity will likely be similar to existing threats but more sophisticated. Social engineering, phishing, configuration errors, and zero-day compromises will continue to be threats, but with more serious potential for exploitation. Kissner also pointed out that the introduction of AI in attacks is increasing the complexity and variability of threats, making it harder to block them using traditional methods.

Conclusion

The role of the CISO in cloud-based services is evolving, requiring a balance between technical and business acumen. Building and retaining a strong security team is crucial, with diversity and a supportive working culture being key considerations. Addressing issues such as discrimination and burnout is essential for maintaining a harmonious and productive team. As threats continue to evolve, CISOs must remain vigilant and adapt their strategies to ensure the security of cloud-based services.
