In this interview, Jamie Rossato, CISO at Lion Co, describes the challenge of today’s cyber security landscape by likening it to catching Pokémon: security professionals are expected to deal with a wide array of vulnerabilities and risks across many different domains.

The breadth of responsibilities extends from data security and privacy to managing third-party access and IoT security. This “catch them all” mentality poses a significant challenge for CISOs, potentially lasting for the next decade.

Given the unrealistic expectations placed on CISOs, Jamie suggests that many stakeholders, including executives and boards, may not fully grasp the complexity of the role.

The expanding technological landscape, coupled with organisational size, contributes to this lack of understanding.

Moreover, even with comprehensive security measures in place, a single security lapse could lead to significant reputational damage for the CISO and the organisation as a whole.

To effectively communicate the level of risk and responsibility to executives and boards, Jamie emphasises a multifaceted approach.

This approach involves engaging, influencing, educating, informing, and operating within the organisation.

By aligning security objectives with broader business goals and fiduciary duties, CISOs can convey the importance of security measures and gain support for their initiatives.

Additionally, Jamie stresses the importance of early engagement in technology initiatives, such as DevSecOps, to integrate security seamlessly without impeding progress.


Key takeaways:

Cyber security challenges: The multifaceted nature of today’s cyber landscape, where professionals are expected to handle vulnerabilities, misconfigurations, data security, privacy, and more across various domains.

Unreasonable expectations: The expectations placed on CISOs are vast and complex. Some of these expectations might stem from a lack of awareness about the breadth of responsibilities within enterprise security, especially in large organisations where technology complexity is high.

Preparedness for breaches: In acknowledging the inevitability of breaches, it’s important to adopt a mindset of assumed breach and focus on effective response mechanisms, coordination with executives and boards, and regulatory compliance, alongside proactive protection measures.

Contributors
Gabby Fredkin, Head of Analytics & Insights at ADAPT

As the Head of Analytics and Insights at ADAPT, Gabby Fredkin’s primary role is managing analysis to produce ADAPT’s actionable insights to identify trends supporting organisations in Australia.

With a passion for creating stories with data, Gabby is consistently rated as one of the top speakers at ADAPT’s events. In roundtable discussions, he specialises in using statistics to initiate thought-provoking discussions, enabling ADAPT’s customers to become more data-driven.

Using modern data science techniques, he provides ADAPT and its customers with confidence in the accuracy and validity of the information used for ADAPT’s research, advisory and events.

Working across artificial intelligence, machine learning, AI ethics, DevSecOps, end-user behaviour, and human-centred design, Gabby’s vast experience continues to grow, supported in part by a Master of Business Analytics from Deakin University.

Jamie Rossato, Chief Information Security Officer at Lion Co

Jamie Rossato, Chief Information Security Officer at Lion Co, emphasised the need for good engagement and clear communication between the digital team and the security team to ensure safe and successful transformation.
