There are many challenges facing cyber security leaders, including the proliferation of endpoints, the supply chain of software, and the panic-buying of cyber security tools.  

Organisations also face the challenge of third-party software being their weakest point. Regulations require suppliers to demonstrate their security posture. The challenge for dispersed organisations is discovering all the assets and architectures of their applications, particularly with legacy systems.  

Observability requires translating data into action. It demands the right models to respond to anomalies that require investigation, rather than relying solely on tool sets. 

In this panel discussion, Bianca Wirth (CISO at NSW Department of Planning and Environment), Jean-Baptiste Bres (CISO at HSBC Bank) and Francis Ofungwu (CISO at GitLab) discuss the importance of a secure development life cycle, enabling developers to be self-sufficient in addressing vulnerabilities.

The panellists also discuss the cautious approach that needs to be taken with AI and the importance of transparency in models being used. There is the potential for AI to address real security problems and transform organisations.  

AI should be embraced but with appropriate boundaries and limitations. 

 

Key Takeaways: 

  • Zero trust – Most organisations are on the path to maturity. However, there are other challenges, especially in software governance. Organisations have some understanding of what lies ahead for zero trust. Rather than a product or an initiative, it is a journey. It’s not an end state. 
  • Cyber security is a team sport that requires collaboration, in an environment in which responsibilities are understood. Software development life cycles should allow developers to self-sufficiently manage the development process, enabling them to identify and remediate vulnerabilities in real time as they develop software.
  • Observability is not just a collection of data; it is a combination of data and action. The right staff must be available to act on information and investigate further. To react to abnormalities, we need to be smart with information that is relevant to our organisation and know what normal looks like. 
Contributors
Peter Hind Principal Research Analyst at ADAPT
Peter Hind has spent the last 25 years as an analyst and commentator on the ICT industry. 

His primary areas of interest are the potential of technology to transform the way organisations operate, the change management obstacles executives encounter in realising this potential, as well as the tactics and techniques leaders have deployed to overcome these difficulties.

Peter now takes on multiple roles within ADAPT including the moderation of private events and roundtables, interviewing business executives about the strategies they are pursuing and assisting with the structuring of delegate surveys.

He also interrogates and analyses ADAPT’s treasure trove of end-user and C-suite data.

Bianca Wirth CISO at NSW Department of Planning and Environment
Bianca Wirth has over 20 years’ experience in IT and security, and she has consulted to over 200 companies from a diverse range of industries and government in this time. She has worked for a global software vendor and Big 4, developed her own successful consulting business and has guest lectured on security at universities. Bianca is currently the CISO at NSW Department of Planning & Environment.

Jean-Baptiste Bres Chief Information Security Officer (CISO) at HSBC
Jean-Baptiste (“JB”) is an experienced Chief Information Security Officer (CISO) with a successful 20-year track record in Information Security, Risk Management and Project Management.

JB has particularly strong experience in implementing or reinforcing Information Security strategy and frameworks in heavily regulated environments in Australia and Europe.

Francis Ofungwu Global Field CISO at GitLab
I am an experienced information security and digital privacy leader with proficiency in building programs, business development, product management, and leading cross-functional teams. I have a strong track record of leading new initiatives to produce measured value, and transforming existing operations to align with stakeholder expectations.

I am passionate about simplifying complex information security and privacy concepts, and coaching technology professionals in communication and organizational alignment.
