‘What are the challenges that you faced in your first 100 days in your cyber security role, and what influenced your approach?’
This was one of the questions posed to Insignia Financial CISO James Ng, AISNSW Cyber Security and Infrastructure Advisory Services Manager Marcus Claxton, and Sekuro Cyber Resilience Program (CRP) and Operational Technology (OT) Principal Consultant Nicolas Brahim, by Sekuro Bid Manager Audrey Jacquemart in a fireside chat held during Sekurokon 2024.
The session set out to pick the brains of these cyber security leaders – learning about the challenges they face, and how they prioritise and attain sponsorship of their cyber security roadmaps. Sharing context from both smaller and larger organisations, these industry veterans discuss budgeting, relationship building, and general advice for any aspiring CISO (chief information security officer).
James Ng
CISO, Insignia Financial
Marcus Claxton
Manager, Cyber Security and Infrastructure Advisory Services, AISNSW
Nicolas Brahim
Principal Consultant, CRP & OT, Sekuro
Audrey Jacquemart
Bid Manager, Sekuro (Moderator)
Watch the full discussion below or read on to see how these cyber security leaders paved the way for their organisation to follow them and their strategies.
TABLE OF CONTENTS
- What are the challenges that you faced in your first 100 days in your cyber security role, and what influenced your approach?
- When it comes to setting up the key initiatives and the top priorities, what are the things that you focused on and why?
- What are the strategies that you use to align cyber security with the business objectives?
- What does your success look like at the end of your 100 days?
- Do you have any advice for any new aspiring CISOs in the room?
‘What are the challenges that you faced in your first 100 days in your cyber security role, and what influenced your approach?’
You can have the best strategy in the world, but if you don't have the buy-in from the board and the budget, it just is a PDF that you have in your computer for three years.
Nicolas Brahim
‘When it comes to setting up the key initiatives and the top priorities, what are the things that you focused on and why?’
Marcus:
- Data governance is important for organisations such as schools, where there is so much data that the lack of structure and labelling would be a real problem.
- Getting approval and funding from the board for cyber security requires convincing them – especially if they lack technical experience – that cyber security is an organisational risk, not an IT problem. It’s not about getting value for money; if we get hacked, the teaching and learning stops.
- The propensity for schools to want to innovate and experiment is a real challenge, especially around shadow IT and the IT team’s efforts to contain things while still fostering innovative practices.
It’s not about getting value for money; if we get hacked, the teaching and learning stops.
Marcus Claxton
- The non-technical discussions in getting the buy-in from the board and trying to explain the ROI in cyber security.
- Understanding the role of cyber security needs to be a foundation across the organisation, from the board to new hires, and setting up training opportunities to increase awareness is a priority.
- When the organisation onboards a new system, it is important to communicate with the users that cyber security is working with them, not against them, and that the new, additional steps in the process like multi-factor authentication (MFA) are all about helping the business reach its objectives.
‘What are the strategies that you use to align cyber security with the business objectives?’
So that way we've got alignment, we've got clarity, we're all rowing in the same direction and focusing on the things that matter not only to us from a security perspective but also to the rest of the organisation.
James Ng
‘What does your success look like at the end of your 100 days?’
‘Do you have any advice for any new aspiring CISOs in the room?’
“Any technical career is amazing and when you are involved in any sort of technical support, whether it's cyber security or whether it's just keeping the lights on, there is pressure, but there is great reward as well. Be prepared to do the hard yards and enjoy the ride.”
“You need to partner not only with the board, but with the rest of the teams in your organisation, as well as external partners. Understand that there's going to be a lot of change and roadblocks, and to just take each step one at a time.”