In this interview, Jamie Rossato, CISO at Lion Co, describes the challenge of today’s cyber security landscape by likening it to catching Pokémon: security professionals are expected to deal with a wide array of vulnerabilities and risks across many different domains.

The breadth of responsibilities extends from data security and privacy to managing third-party access and IoT security. This “catch them all” mentality poses a significant challenge for CISOs, potentially lasting for the next decade.

Despite the unrealistic expectations placed on CISOs, Jamie suggests that many stakeholders, including executives and boards, may not fully grasp the complexity of the role.

The expanding technological landscape, coupled with organisational size, contributes to this lack of understanding.

Moreover, even with comprehensive security measures in place, a single security lapse could lead to significant reputational damage for the CISO and the organisation as a whole.

To effectively communicate the level of risk and responsibility to executives and boards, Jamie emphasises a multifaceted approach.

This approach involves engaging, influencing, educating, informing, and operating within the organisation.

By aligning security objectives with broader business goals and fiduciary duties, CISOs can convey the importance of security measures and gain support for their initiatives.

Additionally, Jamie stresses the importance of early engagement in technology initiatives, such as DevSecOps, to integrate security seamlessly without impeding progress.


Key takeaways:

Cyber security challenges: The multifaceted nature of today’s cyber landscape where professionals are expected to handle vulnerabilities, misconfigurations, data security, privacy, and more across various domains.

Unreasonable expectations: The expectations placed on CISOs are vast and complex. Some of these expectations might stem from a lack of awareness about the breadth of responsibilities within enterprise security, especially in large organisations where technology complexity is high.

Preparedness for breaches: In acknowledging the inevitability of breaches, it’s important to adopt a mindset of assumed breach and focus on effective response mechanisms, coordination with executives and boards, and regulatory compliance, alongside proactive protection measures.

Contributors
Gabby Fredkin Head of Analytics & Insights at ADAPT
Gabby’s primary role is managing analysis to produce ADAPT’s actionable insights. He has extensive experience in using data to identify technology trends to support Australian organisations.

Using modern data science techniques, he provides ADAPT and its customers with confidence in the accuracy and validity of the information used for ADAPT’s research, advisory and events.

With a passion for creating stories with data, Gabby is consistently rated as one of the top speakers at ADAPT’s events. In roundtable discussions, he specialises in using statistics to initiate thought-provoking discussions. 

Gabby is effective in translating information into insights, enabling ADAPT’s customers to become more data-driven.

Gabby’s primary areas of expertise are:

  • Advanced AI and ML practices, including AI ethics.
  • Building models to benchmark and predict IT performance.
  • End-user behaviour and human-centred design.
  • Cross-functional team design and value, such as DevSecOps.
Jamie Rossato Chief Information Security Officer at Lion Co
As Chief Information Security Officer at Lion Co, Jamie emphasised the need for good engagement and clear communication between the digital team and the security team to ensure safe and successful transformation.
