Digital Trust For Digital Transformation
Episode 9 • 11th October 2019 • The New CISO • Steve Moore


The Basics Of Being A Global CISO 

The various pillars include security, which covers operations, corporate, product, customer, production, and automation. They also include compliance, which means undergoing audits and certifications throughout each year. You need to maintain trust between platforms, products, and customers. Quality management, data protection, privacy principles, customer advocacy, and risk and assurance are also major pieces of the CISO puzzle.


How Lakshmi Got Where She Is Today

Lakshmi built herself up over the past 24 years with a vast background of experience. She’s been in the information risk-management/security field for a long time and has developed her view of the position over that time. Beginning as a security engineer, she has elevated her career to where it is today.  


Empathy In The Professional Realm 

Lakshmi has worn many hats in her long career, which lets her understand where her colleagues are coming from. She is able to put herself in their shoes because she has been there. This has created an empathetic environment around her work and lets her communicate effectively with others. As a child she developed a strong sense of empathy, which wasn’t lost as an adult; she has kept it with her and has incorporated this mindset into her professional life. In the business of trust, empathy goes a long way toward gaining the trust you need to do the work for your clients and colleagues.


What Is The Trust Office? 

The Trust Office is comprised of all the teams working with Lakshmi; she is the head of this office at Box. Trust is the key to every aspect of her position. The mission statement of this office is to protect the Box brand with secure products, secure operations, and continued compliance. She believes that seeing through a lens of trust leads to a less fragmented and more cohesive view of how to engage, invest, converse, and prioritize around risks.


The Cloud And How Customers Are Confused 

No cloud provider comes without risks, so the customer needs to weigh the risks of each platform they are researching. If all platforms were more transparent with their customers, some of this confusion could be alleviated. Customers are also entering into a partnership with their provider, with each side playing its own unique role in the relationship. The takeaway: understand the risks and understand that this is a partnership.


Recognizing Red Flags 

It is very important to understand your own risk appetite before getting too deep with any platform. Have the conversations with your team so you can pinpoint what will and will not be acceptable to the company. Secondly, understand what the actual risks are. If you aren’t getting the level of transparency you’re looking for from that platform, this probably shouldn’t end in a partnership. Another important aspect to consider is mutual understanding: the platform should understand how and why you are going to be using their product. There should be open dialogue beforehand about what both parties need from each other.


The Concept Of Zero Touch Defined 

This can be explained by looking at three different layers. RPA, or rapid process automation, is the most basic layer; the next layer up is ML, or machine learning, followed by AI, or augmented intelligence. These are the three phases a customer could be in on their way to zero touch. By using this concept and minimizing human intervention, a company can free up its manpower to focus on strategy and more proactive work. This also benefits the customer by saving time, remaining consistent, keeping manual errors at a lower rate, and providing a generally better user experience.



Understanding The Risks Security Teams Face In The Era Of Cloud Services 

The major risk is a security team becoming obsolete; the team is only as valuable as they are irreplaceable. If the security team isn’t highly educated on the specific needs of the business, why are they necessary? A few ways to educate yourself on the needs of the business are understanding where the business comes from and who utilizes it, knowing the risks and pain points the business faces regularly, and being able to clearly define how your organization provides value.


Using Communication To Create Change Or Partnerships 

So many aspects of running a business can be automated, but some can’t: an open dialogue about responsibilities, wants, needs, and stressors can’t be automated. This comes back to transparency and empathy. When opening up the conversation, remain authentic, clearly state what you believe your responsibilities are, and inquire about your counterpart’s role. This transparency can lead to building trust, which can create necessary change or partnerships. This human element shouldn’t be overlooked; showing vulnerability can make everyone feel connected and comfortable with each other, knowing they can confidently come back to a dialogue whenever necessary.


Single Pane Of Glass: The Mindset 

The term “single pane of glass” is used pretty frequently, but to Lakshmi it’s a mindset. The single pane of glass for her is the process of getting the result. When faced with a specific issue, she uses this approach and asks pointed questions. Do we have a process in place for this issue? Is there a common denominator of the impact, the risk narrative? What are the consequences of inaction? So the single pane of glass mindset on risks involves all three: the impact, the risk narrative, and the consequences of inaction.


What Being The New CISO Means to Lakshmi 

Understanding the current environment, business, talent, people, and their motivations and inspirations all comes into play. It also means building operational excellence, having a team with the same vision, and finding the talent to complement the vision you have. For Lakshmi it’s the journey, and that’s what inspires her to continue.



Exabeam Website 

Steve Moore LinkedIn

Lakshmi Hanspal LinkedIn

Box Website