In today's digital landscape, the role of cybersecurity within organizations is more critical than ever. As businesses navigate the complexities of protecting their data and infrastructure, the Chief Information Security Officer (CISO) stands at the forefront of this evolving battlefield. In this thought-provoking episode of Tech Talks Daily, we are joined by James Alliband, Cybersecurity Strategist EMEA at Carbon Black, to explore the shifting paradigms of cybersecurity leadership and strategy.
James brings a wealth of experience from Carbon Black, a leading cloud endpoint security company that has recently transitioned from VMware Security following the Broadcom acquisition. His insights shed light on the pivotal role of the CISO and how it is expected to transform in the coming year. With cybersecurity now recognized as a strategic business issue, James discusses the critical responsibility of CISOs in managing organizational risk exposure and the delicate balance between security effectiveness and manageability.
A significant part of our conversation revolves around the concept of duty of care in cybersecurity and its impact on the changing world of cyber insurance. As businesses face increasing scrutiny, James elucidates what providing a duty of care truly means and how proactive security measures can influence cyber insurance policies and premiums. The dialogue extends into automation, orchestration, and the importance of simplifying security processes to enhance manageability without compromising effectiveness.
Moreover, James highlights the evolution of the CIO's role into that of a Chief Risk Officer, emphasizing the broadening scope of responsibilities to include security and overall business risk management. He also touches upon the rapid technological changes, including AI and automation, and their potential impact on the role of CISOs and the cybersecurity landscape.
Join us as James Alliband navigates through these critical topics, providing invaluable insights for CEOs, CTOs, and cybersecurity professionals. As we delve into the future of cybersecurity leadership, the evolution of cyber threats, and the strategic importance of security in business, this episode promises to enlighten and inspire. How are these shifts influencing your approach to cybersecurity? Please share your thoughts and join the conversation as we explore the future of protecting our digital world.
[00:00:00] As businesses grapple with the ever-changing threat environment and the complexities of
[00:00:06] things like cyber insurance, today's guest, James Alliband, cybersecurity strategist, EMEA
[00:00:13] at Carbon Black, is going to be joining us on the podcast today.
[00:00:18] And James's insights into the role of the CISO and the strategic importance of cybersecurity
[00:00:23] couldn't be timelier. of Tech Talks Daily and in an era where digital security is non-negotiable. Legacy managed file transfer tools, they simply don't cut it now. So that's where Kiteworks comes in. Revolutionizing the MFT landscape with unparalleled security credentials, including the much coveted FedRAMP Moderate authorization.
[00:01:41] This isn't just about compliance though, it's about offering a secure, efficient platform
[00:01:45] for today's remote workforce. It's a beautiful part of the UK out to the west. I truly love actually where I live out here. So I currently work for Carbon Black, leader in cloud-native endpoint protection and really dedicated to keeping the world cyber-attacked. So we've kind of stuck to that mission for many years, over 20 years of being in the industry. So our solutions include next generation
[00:03:00] antivirus endpoint detection response, extended detection response and application withdrawal, across the world, across of course in the UK as well, and where we are. I spent over 10 years in the industry, so kind of spent majority of my career in cybers, I've been really fortunate, I think, to hit the industry at an inflection point. And yeah, I think it just, you know, the increasing level of sophistication and complexity that I think many people face,
[00:04:20] especially in many CISOs around the world face,
[00:04:22] just makes the world,
[00:04:23] and certainly this space extremely interesting.
[00:04:26] Just a touch outside of work, and decision making and just the ability to be able to go and execute what you need to do. Making splits, I don't get the beauty of a video refereeing as well of course at my level so I'm literally making split second decisions with one frame to do it but I truly enjoy it and I've been able to meet people across the country. I really love the case that when you'd be going
[00:05:40] to like a changing room or you're going to referee a game and there's a team of three of you,
[00:05:43] you're all the same, you're all referees, doesn't work like that, does it? And I think we've seen the rise in AI this year.
[00:07:03] We maybe have considered that AI isn't necessarily what that you need to look at and what's your risk that you're exposing? Because everyone's got risk. It's how the world works in many ways and security is no different. And then really what that is now when I look at it,
[00:08:20] the CISO or the Chief Information Security Officer's real job now is managing that risk.
[00:08:25] They have the ability to manage the risk for the industry. And also the culture and security as well I think has been a little bit of a close shot at times. We're getting better over years but it maybe wasn't the career path for many at one time. To be able to balance and
[00:09:41] strife between an automated process and automation across the security operation center and also in In the world of SaaS, the channel partners, resellers, if you will, value resellers, managed service providers have lost a little bit of value over the last couple of years because the world of SaaS is usually an engineering problem when things break rather than a support analyst's problem. So from that point of view now, being able to really outsource and use
[00:11:02] an organization's expertise and you think that when got to ask, would you say cyber insurance is still worth it? when we've seen that over the last few years what we're saying there was we really funded the black market and that's something I think is really important to stop and the ICO is certainly putting a lot of regulations in place to help us, help organisations ultimately not have to pay a ransom but what they can offer is they can cover expenses for forensic investigation, legal fees,
[00:13:42] notification costs, regulatory fines as well so And we've seen a lot of tools being put into this place where insurers are offering risk assessment services and helping organisations with training and helping them with ultimately increasing their cyber posture, which I think are really real positives. When we think about insurance, we kind of look at it as a negative, but I think these are real positives where now we're actually saying, well, okay, yes, you've been attacked,
[00:15:02] you've been hit, but how can we help that organisations could take to maybe reduce that overall cyber risk and even potentially lower those insurance premiums? Absolutely. You know, cyber insurance shouldn't be, should not be a safety net, should not be our last line of defence.
[00:16:22] You know, as kind of leaning into the car insurance example,
[00:16:25] like, car insurance isn't there so you don't have to get a driving licence and that can over time really do, it really can lower your cyber insurance policies. Risk assessments approach, showing proactive risk assessments on a quarterly or yearly basis, whatever the cyber insurance provider does ask you for. Employee training awareness programmes as well, educating staff about common cyber threats,
[00:17:41] best practices.
[00:17:42] There was an example that I actually had where I won't with the world, unfortunately with the world of AI, the complexity of phishing emails, as I'm sure you know, Neil, has become more and more sophisticated. So yeah, I think going back to the question, cyber insurance absolutely shouldn't be seen as a safety net. And there's so many things that we can do where insurance sits, almost sits in the background,
[00:19:00] just like our car insurance, and it's only there when we need it, when we've done everything we ensuring that people don't have access to systems they shouldn't have access to, or those systems aren't exposed to the wider outside network as well. And really proving that they fulfilled this in many ways through different compliance regulations that many organizations have to comply to, so making sure they can comply to them having regular testing against them. But I can split this into three areas. I think first
[00:20:23] and foremost, if I look at employee training, but I think as we go for the next few years, cyber awareness training,
[00:21:40] cybersecurity awareness training is going to be more critical than ever, especially
[00:21:44] when we think about the world that we live in, the accessible remote world that many especially with insurance, insurers clamping down on their cyber insurance policies. How can CISOs remain motivated in their jobs? And one of the reasons I ask this question is because there seems to be more and more stories in my news feed appearing about CISOs leaving cyber security or quitting their jobs in their droves. So how can we keep CISOs in the industry and keep
[00:23:02] them motivated in their jobs? I think it's a talent shortage. I think there's many talented individuals. I think we just need to make security a more inclusive world and a really strong culture to help people want to play their career here. But I think ultimately you're motivated. You've got a responsibility to motivate the next generation of talent
[00:24:20] coming into the industry as well,
[00:24:21] which more talented individuals
[00:24:23] that come into the industry,
[00:24:26] the more opportunities we've got to that position in an organisation, you've been
[00:25:41] motivated, you've been passionate about getting there breathtaking. I think only 12 months ago we were talking about ChatGPT beating lawyers at passing bar exams. As we record this podcast, there's a lot of hype around AI again, this time around text-to-video where you can type, give me a dog walking around the deserted streets of Tokyo and you get a
[00:27:02] lifelike video ready made for you. The change of impacts that
[00:27:06] we're seeing on businesses around the world is just in so many ways because I really do think, and goes back to the point I was making at the start, is the Chief Information Security Officer, sorry, is really managing risk. They're managing that risk gap. They're managing the organization's risk. And security is truly the top of my most talked about subject today at board level.
[00:28:21] So the eyes are on you.
[00:28:23] So many people are looking at you to make a difference.
[00:28:25] So, you know, say your career really, whether it's speaking opportunities, podcasts like this, or whether it's just training, education, going to teach people in universities, colleges, so many opportunities now with the exposure that a Chief Information Security Officer really has inside their organization to expose the outer world ultimately to the world
[00:29:43] we live in and really how to operate in that which have a huge impact on that organisation as well. So the CSO has a mentoring role as well to play a coaching role if you will to help other people within the organisation elevate their careers and make really impactful decisions across an organisation. So I think for me, you know, I certainly see the CSO's role
[00:31:00] evolving into the Chief Risk Officer's role if you will that empowers people to do their job better and also of course keeps that organisation safe. And I think that is a powerful moment to end our conversation on today but before I let you go it's time to have a bit of fun with you. I will also add in your last answer there I think your life as a referee is safe
[00:32:22] especially looking at the state of video assistant referees in this country so I reading the book for me helps me understand either why I've made a particular decision, why I've kind of approached something in a certain way and made me feel that I'm doing and getting the right way or giving me opportunities to look at certain things and, and without digging into the books, I don't want to give it away for any of the listeners, but certainly inspired me to make different decisions within any decision to make, whether it's refereeing
[00:33:43] or business, he can apply to both. But I really do think that what Steven has done is he's CSO, how you think it will evolve this year, what providing duty of care really means, and how this is impacting the changing world of cyber insurance. More and more businesses are coming under scrutiny around this topic. So just more on that, thank you for taking the time to share your insights, leave us with a cracking book, and so much more. Thanks for joining me today, James.
[00:35:01] Thank you, Leo, for having me. It's been really enjoyable, so thank you.

