On Tuesday 5th June I attended Infosec Europe.
I had a few motives for the day: attend a couple of the keynotes, meet up with a couple of clients and candidates I work with, and just generally absorb as much of the day as possible, especially as it was my first time attending.
Baroness Dido Harding kicked off the conference with the opening keynote “View from the Board: A CEO’s Perspective on Cybersecurity”. Firstly, an awesome opening to the event, super insightful, super honest, and actually, surprisingly, for me, super relatable. She spoke about the days leading up to the attack, the day itself, and the days following the attack on TalkTalk in 2015, where she held the position of CEO at the time.
Here are a couple of the key takeaways -
Boards don’t ask the right questions.
She explained that normally they ask “Are we OK now? Are we safe?”
Whereas the questions they should be asking are “Where are we at risk?” That way, they can weigh up what risks need addressing and what risks they can live with etc. Because, no one is really safe.
Really smart security professionals need to speak in plain English
In a nutshell, technical folk need to be able to articulate technical talk to non-technical people. This is something that was crucial for Baroness Harding, as being 'the face' of the company meant in the public, she had to be able to hold her own. This really resonated with me, I openly admit I am not technical, nor am I a security professional, but the people I speak to every day are. When qualifying candidates and roles I need to make sure I understand fully.
From my experience, these softer skills needed to interact clearly with other parts of the business are becoming more prevalent. As Security is being taken more seriously in more organisations, it means more people within the business are being exposed to it and they need to be able to understand it, in order to be able to make the business "as safe as possible".
Baroness Harding's talk really resonated with me and further instilled my belief that the 'human element' is an important consideration when thinking about your next hire in Security. Whether it be asking the right questions regarding RISK or being able to empower others with knowledge to protect themselves and their business - human instinct, intelligence and ability to have productive interactions are a vital quality not to be overlooked.
A super start to what was a really great conference.
Drawing on her experience as a CEO, Baroness Harding will discuss what the CEO really needs from the information security function, how to drive engagement with the board, how to gain support for investment and how to promote a security culture across the enterprise. You will learn how the CEO defines value and how they want to receive information about risk posture, threats and cyber security strategies. Baroness Harding will share how, in the event of a breach, to work with the CEO to minimise impact, and perhaps most crucially, protect the reputation of the organisation.