My Insights on Cybersecurity, AI, and Leadership: May'24
I am excited to start my newsletter on Substack to regularly share my insights on cybersecurity, technology, AI, personal development including in the world of diversity, non-profit work, and major industry events where I often speak. If you're interested in staying updated, please subscribe to receive my latest posts.
The past month has been busy with media engagements and speaking events, so I'm happy to kick off my presence here with an overview of the major events and features from the month:
The 2024 RSA Conference
I definitely over-committed myself with seven different speaking obligations and several media interviews, but it was worth it! RSA is undoubtedly the largest annual congregation of security executives in the world and I wanted to make the most of it.
On Monday, I joined Gadi Evron, Charles Blauner, and David B. Cross on the panel “CISOs Under Indictment: Case Studies, Lessons Learned, and What’s Next.” We discussed the legal challenges faced by CISOs through various case studies, sharing insights from my experience. Our quotes from this panel have already appeared in several articles; you can read more here.
RSA has become a must-attend for CISOs. This year, RSA launched its Cyber Leaders Program, an invitation-only event for CISOs, in addition to two other CISO-only tracks (ESAF and the Bootcamp) that were both packed. On Monday, I led an “Ask Me Anything” session, helping attendees navigate risks, build better public-private relationships, and embrace new opportunities to protect technology users. Overall I spent more time with security leaders in a shorter period of time than ever before thanks to RSA creating and prioritizing these executive-focused events.
My final “official” RSA appearance was a keynote talk on “Changing Expectations for Security Leadership” at the CISO Boot Camp. Despite the risk of enforcement actions, there are still many opportunities for the next generation of security leaders who participated in the boot camp.
On Tuesday, I also participated in a lunchtime panel at the Decibel Partners Oasis in the Children’s Creativity Museum with Tim Brown (CISO of SolarWinds). Nicole Perlroth (NYT best-selling author and founder of Silver Buckshot) led a special fireside chat for all the CISO friends in the Decibel community. I emphasized the importance of CISOs being proactive in their approach to security, especially in the face of evolving threats.
If there was one message I wanted to convey across all of these events it was that security executives should not be looking at the current regulatory landscape as a sign they should lean out of taking responsibility, but should be looking at the emergence of new technology risks like those associated with the rapid deployment of AI in enterprises as a call to action and opportunity to play an even stronger role in managing digital risk for their entire organization.
CyberEdBoard Profiles in Leadership
During the RSA week, I had a chance to talk to Anna Delaney from Information Security Media Group (ISMG) as part of the CyberEdBoard's ongoing Profiles in Leadership series. We discussed insights from my case on navigating the risks that many cybersecurity professionals fear and the importance of being prepared to tackle AI-related challenges. Currently, when I ask an audience full of CISOs how many use AI in their day-to-day work, only a few raise their hands. I firmly believe that CISOs should lead the exploration of new technologies, integrating them into their practices, and preparing for AI-related risks, even if they haven't been directly assigned to do so.
As in almost every speech I give, I shared my views on why it is crucial for security professionals to develop into business leaders and why I believe that if they don’t step up into the role of the top manager of digital risk at their organization, someone else will.
Feature on Axios about how I help executives
It was a privilege to be featured on Axios, where I spoke about helping the CISO community learn from my experiences and the concerning trend of corporate security executives being singled out for how their companies handle cybersecurity risk. I told the judge I would not take my second chance for granted and that I would speak to cyber leaders about the right approaches to take in the future. Over the last year, I've met with many security executives who have a lot to say but are often handcuffed in their ability to speak up because of their senior corporate roles. I'm not.
I love that I have been able to get back to work advising companies and leaders on security best practices and tackling the biggest cybersecurity challenges of our time.
Insights From International Legal Technology Association (ILTA) Evolve Conference on the Generative AI
At the International Legal Technology Association (ILTA) Evolve Conference, Lily Yeoh and I gave a keynote talk on "How Cybersecurity Roles and Programs Are Evolving Due to the Introduction of Generative AI."
We wanted cybersecurity experts to see the emergence of AI as an opportunity to grow and play a bigger role in their organization's success. While AI-related risks are still being debated, there is no doubt that there are many risks, including some that go beyond the traditional ones addressed in cybersecurity programs. These novel risks require security professionals to step up, rather than expecting someone else to handle them. These are topics I regularly discuss with the AI companies I advise and the CISOs I consult with on developing their programs.
I invite you to subscribe to this newsletter for regular updates and insights. I'm excited for the chance to share my thoughts with a dedicated tech and security community. I look forward to connecting with you on this journey!