CISOs Debate the Most Effective Strategies from the Security Front Line
In this panel discussion, Bianca Wirth - CISO at NSW Department of Planning and Environment, Jean-Baptiste Bres - CISO at HSBC Bank and Francis Ofungwu - CISO at GitLab discuss the importance of a secure development life cycle, enabling developers to be self-sufficient in addressing vulnerabilities.
There are many challenges facing cyber security leaders, including the proliferation of endpoints, the software supply chain, and the panic-buying of cyber security tools.
Organisations also face the challenge of third-party software being their weakest point, and regulations require suppliers to demonstrate their security posture. For dispersed organisations, a further challenge is discovering all the assets and architectures behind their applications, particularly where legacy systems are involved.
Observability requires translating data into action. It demands the right models for deciding which anomalies warrant investigation, rather than relying solely on tool sets.
The panellists also discuss the cautious approach that needs to be taken with AI and the importance of transparency about the models being used. AI has the potential to address real security problems and transform organisations, and should be embraced, but within appropriate boundaries and limitations.
Key Takeaways:
- Zero trust – Most organisations are on the path to maturity and have some understanding of what lies ahead, but other challenges remain, especially in software governance. Zero trust is a journey rather than a product, an initiative or an end state.
- Cyber security is a team sport that requires collaboration and an environment in which responsibilities are understood. Software development life cycles should allow developers to manage the development process self-sufficiently, so they can identify and remediate vulnerabilities in real time as they write software.
- Observability is not just a collection of data; it is the combination of data and action. The right staff must be available to act on information and investigate further. To react to abnormalities, organisations need to be smart with the information that is relevant to them and know what normal looks like.