CISOs Share Their 3 Top Challenges for Cybersecurity Management
Dark Reading – Jeffrey Schwartz
The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio.
1) Maintaining Visibility of All Network Assets
Shivanandan noted that traditional methods of capturing inventories, keeping them up to date, and tracking them were predicated on the notion of adding assets to a network manually. But with modern applications, that doesn’t work, she said, because of the scale and the speed at which devices and software are deployed.
“One of the biggest challenges that every CIO and every CISO faces is having that visibility and making sure that visibility is up to date,” Shivanandan said.
2) Avoiding New Risks When Adding Apps
Shivanandan said that, while reviewing the source code of every component added to the infrastructure is impossible, HSBC has rigorous processes around onboarding a new technology, which include “a lot of pen testing and red teaming.” Froggett said that Citi has strict processes around onboarding new technology, including pen testing and red teaming, but with the current release cadences, enforcement has become challenging. “Ultimately, you can’t usually do source code reviews” of everything that comes in, he said.
3) Recruiting and Retaining Skilled Talent
Despite considerable progress, Shivanandan said it remains difficult for women to break the glass ceiling. She said she believes that men have an outsized presence in senior cybersecurity roles compared with the entire IT industry.
Nevertheless, women face fewer barriers today compared with when she started out. During Froggett’s nearly 25 years at Citi, most of his bosses were women, he said. “The job’s not done for sure, but there is definitely more of a balance [than what] I saw five or 10 years ago.”
Link: https://www.darkreading.com/edge-articles/cisos-share-their-3-top-challenges-for-cybersecurity-management