Selling to the CISO: Cyber Security, Budgets & Internet Usage

Is there a deployment plan for a Developer Security Champions programme?

A deployment plan can be handled either by educating people on it or by gamifying it. It's hard to get developers to do security, so one has to consider changing the way DevOps works. Turning the programme into a game where different departments compete against each other seems to have worked so far. Entities like ThriveDX, Palo Alto Networks Security Management, and Fortinet Training Platform can resolve this situation.

Should staff be barred from certain activities when using corporate internet?

Some would argue that it's a problem for HR, while others say that the data risks can't be ignored. Data loss and leakage are more likely to occur around elements like email, for example. In cases like this, one could make use of Netskope, as it's good at keeping risks like data leakage in check and simplifying the reporting on them. Other platforms ideal for this are Fortinet and Palo Alto Networks (firewalls), and SentinelOne (endpoint defence and response).

BISOs: A threat to the CISO or an opportunity for progress?

BISOs are focussed on the element of risk linked to business data, which has more perceived value in the boardroom. It's better to look at how the BISO works alongside the CISO to add that extra support while also allowing for an easier focus on the cyber security budget.

How much influence does the CFO have regarding decisions on technologies and their implementation?

Some projects are pushed back under tighter scrutiny because they are labelled as luxuries. Overall, the CFO is involved in deciding what's essential and what isn't, so planning for the future means that CISOs are also being questioned more about these kinds of things: "does it need to have all those widgets?", "what does product A give us over product B?", etc. It's an issue that can be resolved by the Exclusive Networks Invoicing and Payment Solutions (XPS) arm.

How is AI/ML being embraced or restricted?

If you're a financial service, this means complete restriction due to the lack of regulation; it's too risky. Media companies, on the other hand, are able to fully embrace and use it, with some guidelines as to the do's and don'ts of AI/ML usage. ML offerings like those created by Microsoft and AWS will have an effect and could make things more efficient, but they don't come with any clear guidance or support. To make things easier, you could refer to Netskope, Palo Alto Networks, or Fortinet.

How do you prioritise cyber security initiatives and investments to stay relevant?

The biggest concerns for CISOs are still ransomware, downtime and not being able to get jobs done. Plans and strategies are put in place, but these are often provisional. With insider threats, especially where people are working from different locations, it's often more practical to fully lock down things like AI/ML for data security reasons. When you don't want to do a full lockdown, you can make use of Netskope or Tanium for large numbers of people who work remotely. For access management there's always One Identity.