Dialogue between Joseph Carson, Chief Security Scientist and Terrence Jackson, CISO, Thycotic
“A CISO who can think like a hacker will know the best technologies to invest in that will help reduce the risks of cyber-attacks increasing the business resiliency,” says Joseph Carson, Chief Security Scientist, Thycotic. Terrence Jackson, CISO at Thycotic, adds: “To properly align the security program to meet the goals of the business they should meet with their executives’ peers to get an understanding of what is important to them.”
Enterprises making decisions on worthy investments
Organizations have reprioritized security projects to focus on solutions that enable efficient, secure remote working, says Joseph Carson. This means a business’s top priority is security solutions that increase productivity for remote employees while reducing the risk from cyber-attacks.
It is no longer about security solutions that protect from cyber-attacks alone; they must add value to the business and this means they must support the remote working environment.
From the perspective of Terrence Jackson, each business has to perform a risk assessment and gap analysis to build a plan to address its deficiencies.
IT teams lending their helping hands
“IT teams must prioritize solutions that help the business quickly adapt and be flexible for both on-premise and cloud environments,” says Joseph. He further adds, “Solutions that easily integrate into the business and are quick to learn will help the IT Teams get as much value out of the solutions. IT Teams no longer have time for complex solutions or security projects that take months or years to implement, which means security solutions must be agile and easily operated with existing resources.”
Terrence opines that IT teams must adopt solutions to enable digital transformation without being a blocker to the business. He says, “IT leaders must be business enablers and have a true understanding of what the business goals are.”
CISOs aligning goals with C-suite executives’ peers
Since CISOs have one of the toughest roles in the business right now, they must create the right balance between productivity and security, feels Joseph. This means they must be technology-oriented but be able to convey the complex cyber risks to the board in a way that focuses on its impact on business and talk of RoI, instead of just a security conversation.
When approaching the board of directors, CISOs should take a quantitative approach, opines Terrence. He further adds, “To properly align the security program to meet the goals of the business they should meet with their executives’ peers to get an understanding of what is important to them, what are their critical assets and what level of security is appropriate to secure them.” This would assure the leadership that any investment in cyber security will add to the business bottom lines. The competencies of a CIO reach beyond technologies and also cover operational knowledge, along with the ability to recognize the thinking process of the hacker. Joseph adds, “A CISO who can think like a hacker will know the best technologies to invest in that will help reduce the risks of cyber-attacks increasing the business resiliency. However, they must focus on the business risks and productivity in order to get the budget they need to be able to implement their vision.”
Investing in the right cybersecurity tools
According to Terrence, any business with digital assets needs security fundamentals such as Vulnerability Management, Endpoint Detection and Response, Asset Management as well as Identity & Access Management which includes enforcement of Least Privilege.
“The most effective security solutions today are those that support remote working while increasing productivity such as privileged access management,” says Joseph.
“This helps remove password pain from most employees, improve access efficiency, automate most access tasks, help fast track to compliance and make the business more resilient to cyber-attacks,” signs off Joseph.
Joseph Carson is a cybersecurity professional and ethical hacker with more than 25 years’ experience in enterprise security specializing in blockchain, endpoint security, network security, application security & virtualization, access controls, and privileged account management. Joseph is a Certified Information Systems Security Professional (CISSP), an active member of the cybersecurity community and advisor to several governments, critical infrastructure, financial, transportation, and maritime industries.
With more than 17 years of public and private sector IT and Security experience, Terrence is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates, and reports on information security practices, controls, and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise.