Conversations in Risk-Based Security

Top Ten CISO Concerns for 2019 Validated

Posted by Doug Yarabinetz on Jul 17, 2019 11:12:45 AM

Many of you may have read the recent article by Mary K. Pratt, contributing writer, TechTarget titled, Top 10 CISO Concerns for 2019 Span a Wide Range of Issues.  If you haven’t, check out the link later in this post; it’s worth the read.  Pratt outlined, through a series of interviews with top CISOs, the top ten concerns dominating the CISO’s agenda this year.

I bring this article up for a couple of reasons.  I think it’s a great perspective for CISOs to understand what their peers think and are dealing with in their organizations.  But it’s also top of mind because we just returned from the Evanta New York CISO Summit.  This is a unique event for CISOs by CISOs and it was a perfect opportunity to talk to both our customers in attendance, thank you Estee Lauder Companies, The National Football League, PSEG, Suez, SUNY, BNY Mellon, and Wells Fargo, but also, to touch base with the larger CISO community and hear the presentations and topics selected by industry thought leaders.  What we saw was a total validation of Ms. Pratt’s article and reinforcement of the major challenges facing CISOs today.

At Lynx, our mission is guided by understanding and aligning with a CISO’s strategy and working with them and their team to meet their most pressing challenges.  So, it is critically important for us to research and understand what concerns are driving their strategies.  “From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019”, describes Pratt.  Here is her list of the top ten concerns dominating the CISO agenda:

  1. Strategic Alignment
  2. Regulation
  3. Cloud Security
  4. Staffing
  5. Emerging Technologies
  6. Response and Remediation
  7. Expanding Responsibilities
  8. Larger Attacks
  9. Dealing with Data
  10. Strengthening the Foundation

You can find the responses and detail behind these top ten issues in Pratt’s article here, https://searchsecurity.techtarget.com/feature/Top-10-CISO-concerns-for-2019-span-a-wide-range-of-issues.

Reading this right before attending the Evanta NY CISO Summit was particularly enlightening because to a point, these are the same topics and challenges that dominated discussions among CISOs in New York City.  We can start just by looking at the agenda, topics and speakers.  The opening keynote was around ROI and stretching resources.  Sessions throughout the day then focused on translating complex cybersecurity into simple business context, leading your board to the next cybersecurity frontier, managing GDPR, proactive cybersecurity, shifting threats, pen testing your board pitch, fortifying resiliency, balancing risk and reducing your attack surface.  And almost all these sessions touched on an element of people and staffing.  And why not, it is estimated that there are 1.5 million unfilled cybersecurity jobs in the US alone.  Forbes magazine expects that number to be as many as 3.5 million unfilled cybersecurity roles by 2021.

All these concerns were really brought to the forefront as a main theme as the day wound down.  Kirsten Davies, SVP and CISO at Estee Lauder Companies, delivered an excellent, interactive session on Planning for the Future – The Next Generation CISO. The audience was captivated by the idea of tapping into Millennials’ ideas and uncovering hidden talent to create a powerful pipeline to deal with the expanding threat landscape.  And the final keynote of the day was delivered by Sara Andrews, SVP and Global CISO at PepsiCo.  Talk the Talk – Communicate to Get Results was a perfect and poignant summation of the entire day from communicating with leadership to fostering a security-accountable culture and attracting world class security talent.  I think it’s safe to say she certainly put together her communication strategy effectively for this group.

The presentations were only the start.  It really comes down to talking with CISOs and listening to their concerns and feedback.  But there was no deviation from our top ten list or the presentation topics when it came to discussions around the room.  Training and finding people with the right skills, replacing legacy technology, dealing with the volumes of data coming in and trying to align with business strategy to communicate effectively with the board were all common themes in my discussions.

I think it’s fair to say we are all on the same page.  We all see and feel the same challenges and are trying to deal with them head on.  Events like the Evanta Summit and the resources available from organizations like TechTarget are a start.  We need to continue to leverage these sources as well as the vendors and partners available and working to address these issues in a strategic and trusted way.  There is help available so no CISO needs to be an island.  We speak the same language, let’s continue the conversation!

For more information and resources or to schedule a call with one of Lynx’s subject matter experts, email us at LetsTalk@LynxTP.com.
