In the fast-evolving landscape of cybersecurity, the demands and expectations placed on technology leaders continue to grow. A vivid illustration of this dynamic is the tense conversation between Dan, a Chief Information Security Officer (CISO) in Michigan, and Terry, his superior. The dialogue highlights not only the challenges CISOs face but also the pressure to match what industry peers have already adopted, even when the security risks are real.
Here is the verbatim discussion:
Terry just looked at me with this stunned look, and she asked everyone to leave the conference room but me. So it was just me and Terry looking at each other, and I've never seen a government agency meeting end so quickly in my life, because this was an hour-long meeting. It was 15 minutes in, and she just ended it. And she looked me in the eye and she said, Dan, if that's your answer, you cannot be the CISO in the state of Michigan. Basically, I was worried I was going to get fired. And I said, well, wait a minute, Terry, you don't understand. Let me explain. I had all these white papers and all this. I was going to show her all my background materials about articles and books about why this was a bad idea. And she says, no, stop. I read all those articles. I know what you're going to say. I know what you're thinking. But she said, I've been to Dow, Ford, Chrysler and General Motors. They all have Wi-Fi in their conference rooms. What do they know that you don't know? And so they're like, talent. So I'm like, Who, She says, I'm giving you one week to figure this out and come back and give us a plan. Not to deliver it, but to give us the plan to do it securely, or you're fired.
Highlights:
Abrupt Meeting Conclusion: The discussion began in a routine government agency meeting, which Terry abruptly ended only 15 minutes in, demonstrating the seriousness of the issue at hand.
Direct Confrontation: Terry confronted Dan directly about his stance against implementing Wi-Fi in conference rooms, questioning his suitability for the role of CISO if he maintained his position.
Resistance to Change: Dan was initially resistant, prepared with white papers and research to support his concerns about the security implications of introducing Wi-Fi.
Informed Challenge: Terry countered Dan’s arguments by noting that major corporations like Dow, Ford, Chrysler, and General Motors had already implemented such technology, pushing Dan to reconsider his stance in light of industry practices.
Ultimatum for Innovation: Terry tasked Dan with devising a secure plan to implement Wi-Fi within a week, pushing him to innovate under the threat of losing his job.
This scenario underscores the tension between maintaining rigorous cybersecurity measures and adopting technology that industry peers already use. Note what Terry actually demanded: not that Dan drop his security concerns, but that he produce a plan for deploying Wi-Fi securely rather than simply saying no. The key takeaway is the essential role of flexibility and innovation in information security. CISOs are routinely required to balance security with functionality, ensuring that their organizations both protect sensitive information and remain technologically competitive. The exchange between Terry and Dan serves as a poignant reminder of the challenge of persuading diverse stakeholders that technology can be both secure and progressive.
Speakers:
Dan Lohrmann: https://www.linkedin.com/in/danlohrmann/
Bikash Barai is credited with several innovations in the domain of Network Security and Anti-Spam Technologies and holds multiple patents with the USPTO. Fortune recognized Bikash among India's Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums such as TiE, RSA Conference USA, and TEDx.
Earlier, he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and is now part of Synopsys. iViZ was the first company in the world to take Ethical Hacking (Penetration Testing) to the cloud.
https://twitter.com/bikashbarai1
https://www.linkedin.com/in/bikashbarai/