At Hunters, we value the voice of the CISO. Not only do they take responsibility for the security of their organizations, but they do so with a business-oriented mindset. To help understand the CISO point of view, Rob Geurtsen, former Deputy CISO at Nike, joined Hunters as CISO-in-residence last year. You can learn more about why he made the choice here.
We took a deep dive into the CISO mindset when we sat down for a fireside chat with Rob and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Warner Brothers and Home Depot.
Tammy is an advisor for Hunters through her organization, CyAlliance, a group that bridges the information gap between CISOs and technology vendors.
Tammy and Rob spoke candidly about their experiences as CISOs, lessons learned, the role of the modern Security Operations Center (SOC) and more. Here are four key takeaways from our chat:
Economic uncertainty is an opportunity for CISOs to prioritize
Cutting budgets and maintaining costs is not unique to an economic downturn. CISOs and company leaders are often asked to make cuts to help the business. When this does happen, security leaders need to look at their top projects and focus on the ‘must-haves’. CISOs should ask themselves, what do I NEED to accomplish this year? And, what can I push to next year?
“I think that the CISO sees, again, optimization in the SOC. Make some investments this year that will have benefits in the subsequent years. This is a good time to have that conversation with the leaders of the organization and show those savings, right? Saying, here's what we're gonna do and this is what we're gonna save. Whether it's monetary, or employee-wise.”
-Rob Geurtsen, former Deputy CISO at Nike
Tammy also adds that there are creative ways to ‘do more, with less’, like using automation tools.
Automation continues to be a priority in security decisions
The value of automation comes up over and over again during our conversation with Rob and Tammy.
First, tools that use automation make SOC analysts’ jobs easier by allowing them to correlate information and identify threats quickly. The amount of data organizations need to analyze is enormous, and having proper tools to sift through the info is crucial.
It’s no secret there is a skills gap in cybersecurity. By replacing manual searches with automation, analysts can focus on higher priority tasks and avoid alert fatigue. Organizations can better utilize their headcount and budgets by having their teams focus on tasks that can’t be automated.
Key metrics have evolved for CISOs
Seasoned security professionals know how ever-changing the cybersecurity field is, and that includes metrics and KPIs. Measuring how many threats were identified and contained no longer reflects a secure network or a job well done by a SecOps team.
“One of the things that I always use as a key metric above everything else is how fast can I detect? And then how fast can I contain the threat, not remediate, because remediation and fully understanding what a threat is can sometimes take weeks if not months to figure out. But if I can contain the threat, stop the bleeding, I can breathe again and we can work at a more composed pace rather than frantic.”
-Tammy Moskites, Founder of CyAlliance
Rob and Tammy agree that a key metric every security leader should be aware of is not just mean time to ‘repair’ but also how fast they are identifying threats, containing them, and using the experience to build playbooks for the future.
Have a game plan before disaster strikes
Tammy and Rob remind us that the threat landscape has changed. Security teams no longer wait for the threats to pop up; they know they’re coming. So the best thing security leaders can do is have a solid Business Continuity and Disaster Recovery (BCDR) plan and updated playbooks. Being prepared and having people trained for real-time events is part of a SecOps team’s maturity.
A CISO needs to be able to answer questions up the chain about an attack, but it’s equally important that they can focus on the attack as it’s happening and work with their security teams to contain it.
Rob comments that it's very important to have upfront agreements with leadership, all the way up to the board. This way everyone knows when to involve higher-ups and even if they need to be involved.
—
Thank you to Rob and Tammy for sharing their wisdom and providing key takeaways that give insight into the mind of a security leader.
CISOs now rely on updated metrics to gauge their performance
It is crucial for organizations to have a well-defined strategy in place prior to experiencing a disaster
Want to hear more from Nike's former Deputy CISO Rob Geurtsen? He'll be speaking at Gartner Security & Risk Management Summit on June 6, 2023 at 1:20pm.
—
For the full conversation with Tammy and Rob, view the recording here: