Timothy Lee, Chief Information Security Officer (CISO) for the City of Los Angeles, examined the cybersecurity landscape during his keynote presentation to Argyle's CISO membership at the 2017 Chief Information Security Officer Leadership Forum in Los Angeles on November 9. In his presentation, "The Future of Cybersecurity," Lee explored the evolving role of the CISO in the age of digital transformation.
According to Lee, CISOs are responsible for helping an organization limit risk, and identify and capitalize on opportunities.
With the proper measures, CISOs can identify cyber-attacks, as well as help organizations avoid business disruptions due to malware and data breaches.
"Opportunity and risk coexist," Lee said. "A good system finds the right balance between opportunity and risk. But a better system enables a business to maximize opportunity and minimize risk."
How a CISO approaches digital transformation may have far-flung effects on an organization's success.
"You no longer can run your security operations in silos. Everything needs to be built in collaboration."
CISOs that embrace digital transformation may help an organization adapt to a rapidly evolving global marketplace. Conversely, a CISO who fails to allocate time and resources to drive digital transformation may struggle to contribute to an organization's success.
"We, as a CISO, our job is not just about managing opportunity and risk. Our role is shifting toward making cybersecurity a business enabler and part of the foundation of digital transformation," Lee indicated.
Today, the cloud, big data and analytics, social media, and mobile devices reshape the cybersecurity landscape for CISOs at organizations of all sizes. A CISO must understand the risks and opportunities associated with these technologies to ensure an organization's sensitive data is protected at all times.
"There is a massive amount of data, and it is our responsibility to secure it," Lee noted.
In addition, a CISO must be ready to evolve, particularly as new technologies become available. As the Internet of Things (IoT) morphs into the "Internet of Humans," CISOs must be willing to deploy new security measures to ensure full protection of an organization's sensitive information.
"We, as a CISO, our job is not just about managing opportunity and risk. Our role is shifting toward making cybersecurity a business enabler."
A CISO also must ensure security protocols are designed to safeguard customers and employees, as well as their respective environments. Failure to deliver complete protection of both people and environments could result in business disruptions, leading to brand reputation damage, revenue losses and other cost- and time-intensive problems.
"The model of cybersecurity is going to change," Lee said. "We need to have privacy and safety measures in place to protect both people and environments."
Collaboration is essential for CISO success as silos may leave organizations susceptible to cyber-attacks. If a CISO fosters an environment of camaraderie and innovation, he or she can further limit cyber risks across an organization.
"You no longer can run your security operations in silos," Lee stated. "Everything needs to be built in collaboration … and there needs to be a cybersecurity alliance between machines and people."
Moreover, Lee offered the following recommendations to ensure CISOs can prepare for the future of cybersecurity:
- Develop a security awareness program. With a security awareness program in place, employees at all levels of an organization can take the necessary steps to identify and address cyberattacks.
- Build your soft skills. A CISO who is able to highlight the value of cybersecurity to a CEO and other C-suite leaders may be able to get the necessary support to deploy meaningful cybersecurity strategy improvements.
- Take a business-like approach to day-to-day activities. "We have to learn to think like businesspeople," Lee noted. "We are part of the business team, and we need to make sure that we're aligned with the business strategy.
- Keep your security operations center (SOC) team up to date. New cyber threats are emerging. A CISO must ensure a SOC team keeps track of cyber threats and can act quickly to address such dangers.
Cybersecurity is becoming increasingly important, and a CISO must continue to explore innovative ways to help an organization resolve cyber-attacks before they escalate.
If a CISO is committed to ongoing improvement he or she may discover innovative ways to address cyber-attacks. Perhaps best of all, this CISO may be able to keep an organization, its customers and its employees safe against cyber-attacks both now and in the future.
Timothy Lee is the Chief Information Security Officer at the City of Los Angeles. He is responsible for overall cybersecurity policies and initiatives for America’s second largest city. One of those initiatives is the City’s first Integrated Security Operations Center, which won several awards including Center for Digital Government’s Cybersecurity Leadership and Innovation Award. His work affects all 40 City of Los Angeles departments. Prior to his current position, Lee was the CISO at the Port of Los Angeles where he established the Port’s cybersecurity program and was the project manager for the Cyber Security Operations Center, which won the American Association of Port Authorities IT Award of Excellence. He has a total of 20 years of experience in information security, network and telecommunication field. Tim is a recipient of the 2016 StateScoop 50 Award in the category of State Leadership and has spoken at several conferences.