What skills does a CISO need? In recent years the role of the CISO has evolved from a specifically technological focus to a business focus.
In "Café con CISOs", the General Manager of A3Sec Spain, Alejandro De La Peña, interviewed Fluidra's CISO, Ángel Uruñuela. His main conclusions? CISOs must first "know the business very well", including its strategies and objectives, in order to propose a security scheme aligned with the corporate ambition. Although the technological profile of CISOs is important, it can be beneficial for them to evolve toward the business, staying very close to the areas that drive the organization and conveying the importance of the work to all colleagues.
Javier Diaz Evans, Global Chief Revenue Officer and Partner at A3Sec Group, presented his vision and sought to delve deeper into the current situation of cybersecurity organizations, the types of trends and what can help provide value to the organization.
About 10 years ago, for example, these organizations were focused on monitoring and protecting to prevent incidents. Due to the high levels of cyberattacks, they have moved to an approach that, while still protecting, detecting and monitoring possible attacks, now also invests in response and data recovery.
The objective is to handle a crisis as effectively as possible, with the least impact on the business, while retaining the ability to recover information. These aspects are taken into consideration when setting a strategy aligned with the business.
Another important issue raised was the demand for security experts compared to the number of experts in the market, which was defined as "a critical risk".
As an alternative, organizations hire dedicated security experts. Vendors with a track record in the market now have the responsibility to build new generations of experts, who will be inclined to optimize through the use of cloud.
"Fluidra continues to bet on a hybrid model, with the IT and business departments," said Uruñuela, noting that the company is going through a digital transformation, migrating to cloud technologies not only in the field of security but also at the systems level.
As a consequence of the pandemic, moving to the cloud became necessary: remote work became indispensable for organizations because of quarantines, which caused a phase of evolution and adaptation for all companies nationally and internationally.
A "sensitive" topic was also raised: Board members who do not understand cybersecurity. Helping people who are business people and do not handle the terms of security and data protection, but who make the big decisions in organizations, is key in the current scenario, especially in defining the strategy and tactics for the growth of companies.
For Uruñuela, Boards of Directors are usually far removed from IT security issues, but news about cyberattacks and security breaches is a daily occurrence; the vulnerability of companies has become evident, and therefore the relationship between CISOs and company managers has changed.
Finally, the discussion addressed the importance of having CISOs who drive security initiatives with a business plan and support, and who know the importance of having a response plan. Although the gap between CISOs and digital security is quite large, there is still significant rapprochement. The ideal for organizations is to have specialized personnel in the field on their staff who actively participate in the Boards of Directors.