Rich Lindberg, CISO of JAMS, didn't set out to have a career in cybersecurity. Instead, he sought to make a living at what he enjoyed - programming. "I embraced fun," he says. Now he wants to help others do the same by growing the diversity of the industry workforce.
The latest edition of the ISMG Security Report investigates the reboot of ransomware group Conti, which supports Russia's invasion of Ukraine. It also discusses why paying ransomware actors is a "business decision" and how to respond to the talent shortage in the financial sector.
CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."
CTO Daniele Catteddu of the Cloud Security Alliance sees significant gaps in how the cybersecurity industry delivers education and training. For example, he says, while organizations are demanding Zero Trust services and guidance on implementation, the industry's offerings do not meet that demand.
The overlying problem in cybersecurity is scale and the complexity that comes from that scale, says Philip Reitinger, president and CEO of the Global Cyber Alliance. He says we need to simplify how we defend ourselves and "give individuals and companies products that meet them where they are."
Crum & Forster CISO Chris Holden says it's critical to see cybersecurity as a business enabler rather than a business inhibitor. He is taking on the perception that security is the "Department of No" and works hard to change the culture at his company.
Threat watch: The ongoing Russia-Ukraine war continues to pose both direct and indirect risks to enterprise networks, says Michael Baker, vice president and IT CISO of IT services and consulting firm DXC Technology. He also discusses recruiting and retaining new talent.
Implementing modern architectures such as zero trust and secure access service edge remains an issue for many organizations. This challenge is further amplified by the shortage of skilled cybersecurity personnel, says Kate Adam, senior director of enterprise product marketing at Juniper Networks.
Anyone using machine-learning models to support so-called artificial intelligence capabilities must prioritize ethical design to ensure the systems work equally well for all, says industry veteran Diana Kelley. She also discusses how to include and keep people in cyber.
The latest edition of the ISMG Security Report includes highlights and observations from RSA Conference 2022, including a key message from RSA CEO Rohit Ghai. It also discusses the value of automation and the Cybersecurity and Infrastructure Security Agency's mission to grow cyber talent.
CISO Eric Sanchez of Kyowa Kirin North America discusses the nuances and challenges of building a security program at an international company. He shares strategies for managing the people, operations and technology and explains why strong interpersonal and crisis management skills are a must.
Never forget the fun factor when it comes to recruiting and retaining cybersecurity talent, not least to help address the nonstop stress and scariness that so often accompanies positions in the field, says Joseph Carson, chief security scientist at Delinea.
As information technology - aka IT - and operational technology - aka OT - continue to converge, organizations must stay ahead of new security challenges and threats, says Mex Martinot, vice president and global head of industrial cybersecurity at Siemens Energy.
Jeremy Grant says many areas in cybersecurity are fragmented, but Grant Schneider adds, "We don't want everyone developing collaboratively because the competition drives a lot of innovation in this space." The two discuss striking the right balance between industry fragmentation and collaboration.
To keep pace with rapid industry changes, including the major vulnerabilities that crop up with alarming regularity, cybersecurity education needs to get more agile, say Hack The Box's Trevor Nelson and Emma Brothers. They discuss how cybersecurity education delivery must continue to evolve.