Security Building Blocks for 2021

What foundational things does a CISO or equivalent need in order to do their job in 2021?

In a highly changeable industry, CISOs’ approach to leadership, technologies and partners, requires a more nuanced tact. These technology leaders discuss this in greater detail.

With Sasha Qadri moderating, the speakers of this roundtable include: 

• Petko Petkov, Director of Security, Onfido
• Juan Villamil, CIO, Imperial College London
• Mudassar Ulhaq, CIO, Waverton Investment Management

2020 refresh

The debate began with moderator Sasha Qadri asking Mudassar what foundational things a CISO had to do across 2020.

“Certainly 2020 has been one of the most interesting challenges for CISOs and the industry as a whole,” he began, “and it’s fair to say that the mass migration to remote work activated certain pressure points with teams, highlighting what worked and didn’t work, and how one prioritised improvements.”

Waverton Capital’s security roadmap was adapted and then brought forward quickly as a direct response to the new ways of working, balancing protocols to suit both in- and out-of-office work. It has taken the stance that remote work is here to stay and to honour the sentiments of its staff who prefer this style of working, its roadmap will change accordingly once again. 

“We ran a three year project in 9 months,” he continued, in a statement that is reflected across many businesses in 2020. “This has given us the impetus to drive more change and improvement and I presented the 2022 security roadmap to the Board recently that will emulate some of those successes. 

“Specifically, we are scrapping bring your own device and removing remote desktops so we remove dependency on them, instead providing a single device for each team member.  This roll out replaced end user estate with surfaces and we introduced Teams telephony voice both internally and externally, both from an efficiency standpoint and a regulatory perspective.”

Clearly interested in this hyper-specific methodology, Sasha continued to probe Waverton’s strategy and query any lessons learned. 

“Our biggest challenge was rolling out 150 surfaces, testing them so they are secure by design and fit for purpose within their relevant functions; test applications and workloads of each too, all within a remote context. It was a lot!” he concluded.

Cultural idiosyncrasies

For Petko Petkov on Onfido, some of the main challenges facing the CISO today are cultural, and therefore a building block for their post-pandemic remit ought to focus on teams, not just technology. 

“We know we are not going back to 2019,” he announced. “We should expect democratisation in how we live and work, and look to meet global security challenges, globally—and although younger, more nimble companies are better at adapting than traditional organisations, it’s important we frame some of the major security challenges around one, complex, problem: trust.”

For Onfido’s security leader, trust is an implicit element of a successful business and therefore the senior leadership team needs to design a business and curate a culture around trust. The former is seeing great innovation in technology, but the latter is more abstract, requiring a “change of mindset”. This could include making the CISO a more prominent voice within a business, or educating further the implications of security breaches to staff. 

Either way, for Petko, as technology has improved, its application and its combining with people has let the industry down. 

Building blocks

Over at Imperial College London, its CIO, considers the complexities of security management when asked about its building blocks. 

“[CISOs] manage risk across a diverse range of technologies, on premise, remote and cloud environments,” began Juan, “and as the world evolves so too cloud solutions. The building blocks of a CISO therefore are as follows: Understand risk and communicate these to the business well; be a good influencer so you lead by example and bring others with you, contextualising the risk into business-speak; that means also having the business acumen to express positives and negatives clearly and concisely. 

“In the past, CISOs were the ‘Ministry of No’, but now, you need more emotional intelligence and empathy, as well as staying calm in a crisis, to turn that into something more constructive.” 

Recognised as a global leader in AI for identity verification and authentication, Onfido digitally proves a user’s real identity using artificial intelligence (AI), by verifying a photo ID and comparing it to the person’s facial biometrics. This means businesses can see their customers for who they are, without compromising on experience, conversion, privacy or security.