Living with Cybersecurity Threats - The CISO Viewpoint

Sony. Target. Home Depot. Cybersecurity has moved beyond the boardroom and into the mainstream due in large part to a handful of very high-profile breaches. Rarely does a week go by without reports of a new breach. Retailers, healthcare organizations, financial institutions—no sector is immune. Based on the increasing frequency of successful attacks, one thing is certain: organizations cannot keep applying the same approach over and over again and hope for a different result. Businesses and organizations are looking to cyber innovators to help them navigate this ever-changing landscape.
 
During the last week of June, the most active CISO/CIOs, industry experts, entrepreneurs and investors working on cybersecurity innovation arrived in Israel for Cyber Week 2015, one of the year’s most important annual cyber events. As part of the week's activities, Innovation Endeavors, an early stage venture fund, and Team8, Israel’s leading cyber “foundry”, hosted an exclusive cyber innovation roundtable for select CISOs and CIOs from around the world. Speakers included Rich Baich, CISO of Wells Fargo, Brent Conran, CSO of Intel, Saul Singer, Co-author of Start-up Nation, Assaf Mischari, Head of Research for Team8 and and Nadav Tzafrir, CEO of Team8 and former Head of Unit 8200 (the equivalent of America’s National Security Agency). 
 
The evening’s discussion focused on CISOs and CIOs viewpoints and the needs of their companies. Three key topics were discussed:
 
(1) how to integrate and communicate with your board,
(2) how enterprise is being forced to change its cybersecurity strategy; and
(3) how to address the scarcity of cyber talent in today’s market.
 
Here are some highlights from the discussion.
 
1. Having your Board on board:
 
One of the first questions the speakers were asked was, “why is it important to influence Boards”? The whole room answered in unison, “budget”. Baich added that it takes time, patience and money to develop a robust incident response process. Baich recommended that a CISO and his/her Board “open up the conversation about security” and communicate on a regular basis. The Board needs to be aware of the current risk posture and exposure prior to an incident. What Boards want more than anything is trust and good communication is the key to building trust. Conran also advised approaching your Board with a plan. “When you have architecture and a plan in place, it’s a much easier conversation.”
 
2. Stay fearless, learn more:
 
Everyone on the panel agreed that a good CISO/CIO must find the right balance between providing “operationally sound risk management” and “innovative risk solutions”. For this reason, it is important to stay curious and flexible. “It is about our spirit to be resilient and push to find solutions,” said Baich. All of the panelists noted that Israel is one of the places they look to for cyber innovation. “The United States worries about safety and Israel thinks about survival,” noted Conran. “That alone probably explains why Israel is known for cyber innovation.”
 
When asked whether security was a cost center or a revenue driver, both Baich and Conran said that they have always thought of security as a revenue driver. “If you get the right controls in place, you can grow faster,” said Conran.
 
3. Recruit with an open mind:
 
All of the participants noted that one of their biggest pain points was the lack of cybertalent. Today’s need for cybersecurity professionals simply outweighs the supply. For this reason, everyone agreed that you have to look past university degrees and certifications. Conran said, "[he] looks for a beginners mind, that detective thought process, that inquisitive mind, because cyber is always changing. You're going to need opinions and new thought processes besides just a PhD in math because the world changes so rapidly, you need an open mind.”  
 
Integrity is another quality that Conran looks for when hiring. He noted that security professionals often deal with sensitive information and discretion is critical. “One of the best cybersecurity professionals I ever hired had run a dog shelter. In his interview, he admitted that he didn’t know the answers to all my questions. He was able to learn the technology quickly, but his integrity is what made him a valued member of the team.”
 
We would love to hear your thoughts! How is your company thinking of new ways to feel secure and protect user data and private information?
 
More about Team8: Team8 is a cyber power-house focused on developing disruptive technologies and launching new cybersecurity companies. Team8 provides the capital, research, expertise, network and talent to startup teams tackling the toughest cybersecurity challenges. Team8 is also engaged in strategic cyber posture consulting and incident response services, carried by top talents out of Israel.
Team8 was founded by former heads and veterans of 8200 ("Israel's NSA") and is backed by Cisco, Alcatel-Lucent, Bessemer Venture Partners, Innovation Endeavors and Marker LLC.

More about Innovation Endeavors: Innovation Endeavors is an early-stage venture capital firm that believes in thesis-driven investing, building networks to create value (e.g., Farm2050), and supporting our entrepreneurs through our dedicated Value Creation Team. With offices in the two most entrepreneurial communities in the world (Silicon Valley and Israel) and the backing of Eric Schmidt we are always excited to meet entrepreneurs working to solve some of the world’s most important and hard problems.