Speakers
Synopsis
In January of 2015 a qualified academic was appointed as the Finance Minister of Greece with a mandate to renegotiate a disastrous programme that had sent the deficit of Greece further into the red. Upon his second meeting with the “troika” (decision group) he was told by one of the powerbrokers of the Eurozone “Elections cannot be allowed to change an economic programme of a member state!”.
Many times, per month, quarter, or year, qualified information security professionals are appointed as Chief Information Security Officers the world over. They are armed with a mandate to negotiate, steer, traverse, etc. organisations to uplift their cyber security programs and capabilities into the future, to hopefully manage cyber risk and enable opportunity.
Upon starting they are often told by their stakeholders (typically the C-suite, sometimes the board) that they have no budget, save for whatever may have been allocated to the role for years, but they are expected to materially turn around the security posture and culture of the organisation within 12 to 24 months, if they’re lucky.
To quote that Finance Minister: “It’s lunacy”.
This session will look at the challenges faced by the role of a CISO, through the lens of Europe’s post-GFC crisis, and the absurdity that is commonly faced by leaders in information security who are tasked with an immense, complex challenge with both arms tied behind their back.
The aim is to engage a discussion with the audience and posit pragmatic ideas on how a CISO may manage such futility so as not to find their mission over before it even begins.
In other words, unlike the radical, ‘game theory’-loving Finance Minister, can the CISO find a way to avoid further “austerity” and make a positive impact on the organisation’s cyber security?
