Alex Cotton, Kenzie Schumaker, and Glenn Kapetansky attended the CyberRisk Leadership Exchange hosted by the Cybersecurity Collaboration Forum on June 28th. The event brought together top executives in cybersecurity to engage in collaborative discussions on cyber trends including security in cloud migration, the evolving role of the CISO, and automation in cyber.

Panelists:

• Ricardo Lafosse – CISO, Kraft Heinz Company
• Salumeh Companieh – Digital and Innovation Officer, Cushman & Wakefield
• Erik Hart – CISO, Cushman & Wakefield
• Matt Olsen – CPO, Sidley Austin LLP
• Mark Varner – CISO, Lowe’s
• David Levine – VP Corporate & Information Security, Ricoh USA
• Sarah Buerger – CISO, Coyote Logistics
• Ed Yousfi – Information Security Executive, Gallagher Bassett
• Julie Myerholtz – CISO, Grainger
• Aaron Lentz – Director of Strategy Execution, SecureITsource

Highlights:

• The COVID-19 pandemic brought significant disruption to security, forcing organizations to quickly migrate to the cloud and adopt new security strategies.
  • “We know how to be secure on-prem. We know that the cloud can be secure too. But cloud security mechanisms are different, so if you try porting your on-prem security models to the cloud, you will be unsecure.” – Security Director (Financial Sector)
• The CISO role is evolving and requires a strong understanding of business functions and objectives to effectively balance confidentiality, integrity, and availability of information and tools. CISO skillsets have moved dramatically to “soft skills” over the past five years.
  • “You must become an extension of business teams in order for business leaders to become an extension of the security team.” – CISO (Fortune 500 Manufacturing Firm)
• Cloud is a transformative technology that is fundamentally changing the way cybersecurity is conducted.
  • It offers incredible ease of access but simultaneously creates new threat vectors. “It’s easy to get into, but it’s easy to get into.” – VP of Security (Digital Services Firm)
  • It mandates a shared security accountability model with third party cloud providers.
  • It is replacing traditional network security and, as such, requires cyber professionals with new cloud-focused skillsets.
• The challenge with automation in cyber is that bad actors do their best to look like normal and acceptable behavior.
  • “It’s not about finding a needle in a haystack; it’s about finding a needle in a pile of needles.” – CISO (Management Consulting Firm)
• Agile project management has enabled organizations to rapidly innovate in cyber.

Trexin provides support in cybersecurity transformation and can help your team.

Our approach to cybersecurity is balanced and layered, integrated with your Enterprise Risk Management framework. Our partnership with you will explore improvements to policies, processes, dashboards, architectures, and the management of new technologies on all organizational levels from Operations to the Board.

Where Trexin Can Help – Cybersecurity Offerings:

Assessments: Cyber Risk Gap Analysis, Technology Risk Assessment, Vulnerability Assessment, and “Metrics that Matter” Dashboard Design
Operational Support: Interim Leadership/Succession Planning, Security Architecture, Key Program Execution, Cyber Risk Management Framework, and Key Risk Indicators (KRI) Framework
Breach Response: Targeted Incident Response, Improved Incident Response Process, Prioritized Action Plans & Execution, and Red/Blue (+ Purple) Team Exercises

Contact a Trexin Advisor