In a world where enterprises contend with thousands of cyber attacks per day, the need for robust risk management and visionary cyber security leadership has never been more critical. In this context, we are privileged to engage with an exceptional expert — Check Point Field CISO Vivek Gullapalli, who offers security expertise that draws on a rich tapestry of experiences and accomplishments.
Read on to discover insights from a leader who is eager to empower others in navigating the cyber threat landscape with confidence.
For organizations looking to optimize risk management, what would you recommend?
Traditional risk management approaches are no longer sufficient. Using sophisticated and highly complex cyber threat tactics, cyber adversaries are slipping past traditional defenses, meaning that organizations need to take new, innovative approaches when it comes to managing cyber risks.
In many organizations, the cyber security leaders have taken a band-aid approach, only fixing what’s broken. This reactive approach has led to high-profile breaches, resulting in loss of reputation, financial damages, depletion of customer trust, and negative publicity, among other things.
While everyday technology maintenance, detection and response are important, organizations should focus more closely on a prevention-first security framework. In so doing, organizations will be able to proactively gain an advantage over adversaries and will therefore be able to optimize risk management.
How can cyber security leaders advance leadership skills and become more effective?
Modern CISOs need to not only be seen as technically competent, but they also need to be seen as executive-level business leaders. Modern CISOs need to possess general business acumen as it relates to products, customers, finance, compliance and growth.
In order for CISOs to be successful, they need to take a comprehensive approach to risk governance that ultimately enables the business.
I mentor younger leaders who wish to become CISOs, and in so doing, I encourage them to develop the following leadership qualities: cyber security expertise, risk management insights, business acumen, and leadership and communication skills. In addition, soft skills, such as interpersonal skills and the ability to influence others, are also extremely important.
How do you invest in holistic behavior and culture change programs that are designed to inspire more secure ways of working?
There’s a famous quote from the legendary management consultant, Peter Drucker: “Culture eats strategy for breakfast.” What he meant is that strategy is important, but that cultural change is a surefire path to success. It’s true in cyber security. The strength of CISO leadership is tested when a CISO moves from strategy to execution.
Security’s strength comes down to people. No individual (in the right frame of mind) wakes up and thinks that they are not going to do what is right. All they need is the right set of controls (technology or processes) to help them do that. At times, security controls are made complicated… But embedding the right behaviors in the organization is key to changing the culture.
Culture change starts at the top. It needs to be consistent at the CEO and board level, in addition to receiving support from the CISO. In organizations where business leaders and rank-and-file employees see security as a business enabler, they will champion the cause.
Cementing the expected behavior from the top-down demonstrates the seriousness of the topic and will drive change.
For more CISO insights, please see CyberTalk.org’s past coverage.