As part of the activities surrounding Cisco Live Barcelona, we held a very special event specifically tailored for our CISO customers: Cisco CISO Day. It was a full day of exploring topics curated for this executive audience, and an opportunity for them to connect with peers in the security industry. We had engaging discussions around a variety of topics, including: Zero Trust, DevSecOps, cross-domain security, key factors for security success, and more. Below are a few highlights and key insights from the day.
Leadership Through Influence
Perhaps my favorite presentation of the day was by one of our customers, , Michael Jenkins, MBE CISO of Brunel University London and author of spy and forensic thrillers. His experience in both military and academia is intriguing, and has allowed him to ascertain that the best way to lead is through influence. Some tips that he recommended for building strong relationships to support your security goals include:
- Take your colleagues out for coffee; share your strategy and obtain their feedback
- Select a few vendors and treat them as strategic partners – like friends who have your back
- Get buy-in for a common goal and do not be afraid to tell people when things go wrong
- Educate and help – we’re not here to shame or punish
- Get plugged into the larger community within your industry and work with law enforcement to help combat threats
- Encourage everyone to care about security and privacy – offer security clinics, show the SOC in action, etc.
Connecting Security to the Business
Many of the executives at our CISO Day are still finding it hard to be a part of board conversations surrounding security. Some focus on how their teams can create a competitive advantage and increase revenue, while others spend more time struggling with obtaining the appropriate budget needed for their efforts. If this is a topic of interest to you, be on the lookout for the upcoming Cisco CISO Benchmark Survey, in which we discuss leadership support, metrics that matter, and security on a limited budget. (Register here to be alerted when it comes out.)
The Human Factor
A common challenge that continues to plague CISOs is the lack of a trained and skilled security workforce. Several organizations have talent retention and training programs for their employees, yet even with these incentives, they’re finding it difficult to keep up with their needs. Some are working with local universities to provide opportunities to young professionals. What are you doing to address this issue? (You can read more about it here.)
Industrial IoT Security
Although not all organizations need to protect operational technology, this is a topic that drove several conversations from CISOs in a variety of industries like manufacturing, utilities, telecommunications, and others. Securing these industrial IoT environments is more complex than protecting your typical IT shop, and the need for availability and reliability supersedes the traditional confidentiality and integrity in the CIA triad.
For More Information
It’s always a fantastic day when you get the opportunity to learn from your customers and share challenges and opportunities. If you’re interested in learning more about these topics and would like to receive a copy of the presentations from our CISO Day or see a summary of the main topics we’ve discussed, take a look here.