In Search of Answers to Big Questions

Written by our inhouse resident editor, Lyndsay Turley, an experienced communicator and cybersecurity advocate for over 15 years.

The World will be listening in Rome, send your thoughts within a 60-second video. Be a part of the CISO 360 Video Panel

For over 15 years I have been an active participant in the development of the information and cybersecurity profession. Recognising its unique position as one of the first areas of practice to emerge on a global scale, I have enjoyed the opportunity to watch it evolve beyond its technical roots and begin to take its place as a core competence within organisations today.  This is of course an evolution that is far from complete, and there is as much if not more activity aimed at defining what it means to be a cybersecurity professional today as ever.  The big questions driving such activity today tell an intriguing story of how far it has come.

For example, in the early days of my time working with (ISC)², a nonprofit professional certification organisation, I asked members if they considered themselves to be an IT professional or a risk professional. The answer was always split down the middle.  I suspect that this remains the case today as people find themselves pursuing opportunities across managerial, operational and specialist areas. Today many people tell me that they profess to be both. We also often sought to answer how they should support ‘the business’ and demonstrate a return on investment.  These two questions haven’t gone away, but I have noted they are being superseded by others that suggest the profession is assumed to be doing this already.  In addition to the traditional focus on the changing vulnerability and threat landscape, we are increasingly (and perhaps finally) engaging in high-level discussion with the potential to drive, rather than just react to the environment in which we are working.

Cyber security, risk and governance professionals are moving from protecting to also ensuring that security is embedded in the technologies and trends that are driving digital transformation today; its experience extends to tackling geopolitical, and business and economic, as well as criminal concerns. This has been illustrated by the questions shaping the discussions at the Pulse CISO 360 conferences and round tables that I have attended over the last 12 months.  And given the ability to speak freely afforded by the events being staged under Chatham House Rule, they have prompted some lively debate.

One example – What responsibilities does the CISO have in driving Innovation?– had the 70 CISO’s participating in the Talk to the Board conference last November reviewing their commonly defensive stature with vendors and considering a more open approach to the innovation process.  Delegates at the subsequent Artificial Intelligence (AI) and Machine Learning round table in March helped me see the reliance on such a dynamic: real-world corporate data is needed for AI to meet the expectations of a cyber security community struggling to manage the complexity they face today. This is a discussion that Pulse will be continuing at the 3^rd CISO 360 Congress in Rome June 19-21.

Another example – should technology be a strategic concern within international diplomacy– is also set to be discussed at this year’s CISO 360 Congress. The international dominance and lack of governance of social media platforms and tech giants has become a diplomatic football over the last year as countries question each other’s decisions to invest in technology suppliers.  Debate will draw out the depth of understanding from the Pulse community around the ethical, commercial and diplomatic concerns that are now only beginning to be explored within mainstream media. It aims to produce insights that can be of value and influence beyond professional practice.

Given the strategic importance of these debates, Pulse is working to open them to a wider audience.  Following a leading example from the World Economic Forum, everyone active and interested in cyber security, risk and governance is invited to pick one of our Big Questions and send their thoughts within a 60-second video.   These include:

should technology be a strategic concern within international diplomacy?

What responsibilities does the CISO have in driving Innovation?

How can we assure AI/ML augments a more, rather than less secure world?

How can we manage in a world plagued by disinformation?

Responses will be featured here and at the CISO Congress as they help to progress the global discussions that are taking place. You don’t have to attend Congress to participate, just have an opinion that you are happy to share.

The World will be listening in Rome, I encourage my colleagues in the industry to have their say.