11th e-Crime & Cybersecurity Mid-Year Summit
October 17th, 2019, London, UK
Re-imagining the CISO
Is the current paradigm unsustainable? What must change and why?
Digital transformation is the key to business success. Cybersecurity is the key to digitalisation. There is a huge shortage of skilled cybersecurity professionals. So there has never been a better time to be a CISO... right?
As companies claim to recognise the strategic importance of cybersecurity, they have been piling ever more responsibility onto CISOs and their teams, but rarely increasing resources commensurately.
The CISO can now be any or all of: project manager, policy maker, compliance officer, designer of procedures, in-depth technologist and expert on everything from threat intelligence to DNS hacks, RFPer and POCer, incident response manager, SOC manager... the list goes on.
On top of all that, CISOs are increasingly expected to be able to interact with boards and provide assurance to clients, shareholders and other key stakeholders.
This is not a viable or reasonable job description, and it goes some way to explaining why so many CISOs are changing companies, joining vendors, becoming consultants, or even getting out of cybersecurity completely. CISO burnout is now a trending conversation.
If the job of the CISO has become an unwieldy, inadequately resourced aggregation of everything cyber, then not only is it impossible to do it well, but it reflects a much broader failure on the part of organisations to structure their information security, privacy and compliance efforts sensibly.
Making the CISO's job sustainable is not just about budget and board access. Digital transformation is rapidly overwhelming most companies' ability to deliver reasonable levels of security at an acceptable price.
Does the ever-growing list of CISO responsibilities indicate that companies need to re-engineer both the role and the activities it oversees?
How much cybersecurity can realistically be carried out on-premises and what does that imply for teams and technologies?
And what are the resources and strategies that can contribute to a better outcome?
The 11th e-Crime & Cybersecurity Congress Mid-Year Summit will look at the fundamental issues which underlie CISO overload. There will be real-life case studies, strategic talks and technical break-out sessions from the security and privacy teams behind some of the world's most forward-thinking companies, with their solutions to the current problems in cybersecurity.