Time to get CISO part of the board
Welcome to the inaugural Business of InfoSec Top 100 Leaders in Information Security report – Corinium’s list of the world’s top 100 leaders in information security for 2022.
This report exists to celebrate the outstanding work over the last 12 months of some of the greatest minds in information security. You can get a copy of the full report here
In the meantime, I will share the interview which Business of InfoSec conducted with me being one of the Global Cybersecurity Leader for 2022
It’s time CISOs get a seat on the board of directors
In a professional context, what achievements are you most proud of in the past year, and why?
I was selected by IDC and CIO Online in their respective global cybersecurity leaders lists, and now there’s this year’s recognition by Corinium. These are great honors for me. I also published two books last year and changed jobs; I was the regional CISO at a bank. (Standard Charted Bank, Middle East, Affrica and Pakistan)
I was drawn to this role at Comodo because, after three years in banking, I realized it isn’t for me. It’s very static and slow. Now my job is to ensure I secure Comodo and our customers, which keeps me busy and engaged. There are so many things to consider such as cyberwarfare and advanced persistent threat groups that need me to stay on top of trends and ensure that our products and services are trustworthy.
What do you think are some of the biggest challenges facing corporate cybersecurity executives today? And how do you think they can be overcome?
When you look at the market, you still see small and big corporations getting hacked. In the last month, we’ve had two Fortune companies hacked; it’s a clear message that no matter who you are, you can get hacked. As long as we’re aware of this, prepare an incident response strategy and minimize the attack vectors, we can move forward.
Another thing is that businesses are still very product-centric but we have to shift the mindset to being human-centric and build products in collaboration. This might mean that sometimes the CIO will have to work with the business to get the product to market.
Lastly, there’s a trend lately of CISOs coming from outside cybersecurity. But I think CISOs should come from cybersecurity. I also think CISOs should sit on the board, it’s a vital role because if an incident happens, the first thing that’s going to happen is the company losing public trust. It will affect the brand and the share price. Why deal with all this when you can take care of security first?
In your experience, what does it take to be a successful leader in the information security space? What characteristics or skills should aspiring information security leaders focus on cultivating?
Communication. Communication. Communication. I’m part of multiple boards, including at Comodo, so I have to explain the importance of cybersecurity to businesspeople. I have to ensure that the business is happy and secure with the advice I give. A leader has to be trustworthy, especially in our field.
You should also be able to sell your strategy to the business, so you’ll be something like a marketing guy. You have to know how to pass the right message across.
What are you most passionate about when it comes to the cybersecurity industry? What do you think is too often overlooked or misunderstood?
I am passionate about reaching communities and helping people build networks. Being C-level in a cybersecurity company that has more than a hundred million installations around the world keeps you busy. Family keeps you busy, but I still try to find time to create videos for my YouTube channel. I write books, and I try to give students the books for free because you don’t write books to earn money, you write the books to reach people. I truly believe we cannot be successful in cybersecurity without involving people. And in my opinion, this is still an overlooked component.
Many boast that they have cyber awareness training, but this training is generic. It has to be customized. You can’t train a cleaner the way you’d train someone in sales, and you can’t train them the way you’d train a developer who understands technology and security.
2022 Global Top 100 Leaders in Information Security Award
You can find here more news articles which feature me.
Chief Information Security Officer
Time to get CISO part of the board