Cybersecurity: an ever-evolving industry

One of the reasons I find cybersecurity so exciting is that it is an ever-evolving and transforming industry. It is among the few domains that experience transformation at scale and machine speed on a regular basis. And not just technological transformation – operational, cultural, and regulatory transformation, too.

Because cyber is so multifaceted, discussing industry transformation on Afternoon Cyber Tea is a wonderful learning experience. Each guest brings a unique perspective and set of experiences to the discussion. My latest guest – Adam Malone, a principal at global consulting, assurance, and services firm, EY – did not disappoint in this regard. Adam has had a unique journey in cyber – from the US Air Force to BAE Systems to the US FBI and now EY. He has seen his fair share of industry transformation, so I knew chatting with him would be fun.

Here are a few highlights from our discussion. The full episode with show notes and transcript is available here – you can listen to the episode immediately below.


The rise of geopolitical resilience

Most leaders agree on the importance of cyber resiliency. The rise in ransomware and events like Colonial Pipeline underscore the criticality of this function. But the last several years have given rise to a new issue – geopolitical resiliency. I wanted to unpack this new challenge with Adam, so I asked him what he is hearing from customers as it relates to this issue. Adam commented, “More of our companies are asking those questions today, right? What have I said? What have I done? Where have we spent money? Where is our supply chain? How is that impacted by this changing geopolitical climate? They're spending more time understanding it – discovering where their supply chain is and what its impacts are, making contingency plans. They're spending more time rehearsing it. They want to bring in experts to talk about how these events could occur and how they may occur and how it could impact them.”

The evolution to quantifiable risk

If you are an avid Afternoon Cyber Tea listener, you know I love a good discussion on resilience. It is a topic that I think needs more C-suite and boardroom discussion. And, in my opinion, you can’t have much of a conversation on resilience without touching on risk. Adam and I discussed the transformation in this space as well – going from the ‘gut feeling’ approach to risk, to a more informed, quantifiable approach. Adam commented, “We (the industry) are moving away from qualitative approaches to understanding what cyber means, and we're thinking about quantifying that – you know, building out real risk scenarios and spending some time and effort to understand how it's going to impact the business, its ability to deliver outcomes, to generate profits for its shareholders. And so that becomes really important - and how fast can it recover and prepare for those eventualities. You know, ransomware has done a lot for us in cyber in helping us think differently about the urgency and the resilience of cyber programs across our companies.”

The shift in regulatory and oversight discussions

Cybersecurity regulations are complex due to the constantly evolving nature of threats and the diversity of the organizations that must comply with them. If you dig into the regulatory landscape, you will find a mix of international, national, state and industry-specific regulations, guidelines, and best practices. Some regulations require specific technical controls, while others focus on policies, procedures, and risk management. It is a lot for any organization to contend with. Adam and I briefly chatted about this, and more specifically about the intersection of regulation, board oversight, and cyber risk. Adam mentioned, “One is this shifting regulatory landscape. We've seen a lot of increased interest from the regulators to kind of get their hands around more transparent cyber risk management behaviors – requiring qualified oversight. So, if you think about what they're asking of the boards of directors now, they want more cyber expertise.”

My conversation with Adam was fascinating and full of insights and tips from his experiences in the military and FBI through his role today helping private equity firms better manage risk. For the full episode and more Afternoon Cyber Tea, visit www.afternooncybertea.com. New episodes are released every other Tuesday and are available on the CyberWire and most major podcast platforms.

  • Afternoon Cyber Tea on CyberWire
  • Afternoon Cyber Tea on Apple Podcasts
  • Afternoon Cyber Tea on Spotify
  • Afternoon Cyber Tea on Google Podcasts

Hassan Irshad

Search Engine Optimization Team Lead @ webAffinity | Electrical Engineer

5mo

Ann, you're right on about the ever-evolving nature of cybersecurity! It's kind of like playing whack-a-mole with bad guys - you plug one hole, two more pop up. Do you think there's a way to get ahead of the curve, or is it always going to be a game of catch-up with cyber threats?

Rob Fegan

Demystify selling with Microsoft. Learn what it takes to partner with Microsoft field sellers.

1y

I love the term "cyber empathy". Empathy is crucial for establishing relationships and behaving compassionately and coming together as a community. When it comes to defending against #cyberthreats, bad actors and nation-states, it will take a community.
