One of the most challenging positions within an organization is that of a chief information security officer (CISO). A little while back, I had an opportunity to sit down with Chris Hughes, CISO and co-founder of Aquia, to discuss his experience in the role. Acquia is an open source digital experience company that empowers the world’s most ambitious brands to embrace innovation.
In the cybersecurity profession, some names stick out among the great creators and contributors. I recently had the opportunity to speak with Richard Benham about the role of a Chief Information Security Officer (CISO). Professor Richard Benham is known globally as a pioneer in the world of Cybersecurity, Artificial Intelligence, and Cyber Warfare.
Chief Information Security Officers know all about the “Sea of troubles,” and they experience “slings and arrows” daily. In mid-September, we saw a breach of Uber that threatened to undo the company’s security program - for exposing a fairly easy path to super admin privileges across most (if not all) of its infrastructure and security tools like GSuite, AWS, and HackerOne private vulnerability reports. The stakes are high.
With business and technology becoming increasingly intertwined, organizations are being forced to rethink how they look at digital security. Once overlooked or viewed as a mere afterthought, today it has become a business-critical necessity. As a result, organizations across industry lines are racing to improve their security postures.
What are the most important areas for a CISO to focus on? When speaking to Aman Sood, it becomes clear that the job of a CISO encompasses every aspect of a business. Aman is the Head of Cyber Security with Jimdo, a website building platform that helps small businesses start, grow, and ultimately thrive online. Aman is also the Cyber Security Group Chairman for ISITC Europe CIC, a non-profit industry body and a catalyst for collaborative innovation within the capital markets.
With companies in virtually every industry facing persistent and increasing cyber security threats, federal regulators are taking steps to protect customers and investors. In March, the SEC proposed new cyber security transparency rules that would require publicly traded companies to disclose, among other things, the cyber security expertise—or lack thereof—among their board members. This is despite the evidence that it is a recognized risk within businesses.
