Just like everyone else during this pandemic, SecureWorld has been adapting to remote work, which means pivoting from in-person conferences to virtual conferences.
Our most recent conference, SecureWorld Mid-Atlantic, just came to a close, and it had quite the lineup of speakers who shared their thoughts on the current cybersecurity landscape.
Our opening keynote, Marching on in 2021: Cyber Resiliency in Security, featured five CISOs from different industry verticals:
- Mark Eggleston, VP, Chief Information Security and Privacy Officer, at Health Partners Plans
- Anahi Santiago, CISO at ChristianaCare Health System
- Joshua Cloud, Senior Director of Information Security at NFI
- Nick Falcone, CISO at University of Pennsylvania
- Todd Bearman, VP & CISO, Global Infrastructure and Security Solutions, TE Connectivity
The stellar group discussed a variety of topics relating to cybersecurity in 2021, including lessons learned from the pandemic, practical strategies for combating nation-state cybercrime, and plans for returning to the workplace.
How can CISOs innovate?
During the conversation, moderator Mark Eggleston posed a question that created considerable conversation from each security leader: How can progressive CISOs and their teams continue to ensure strong collaboration across the business and continue to enable the speed of innovation?
Here is Joshua Cloud's response:
"In this new environment, the business wants to continue to move forward. And there's a lot of new technologies coming out, which are becoming more and more challenging for us to secure properly. Maintaining alignment with the business and putting yourself in their shoes is very important, it goes a long way. And to make sure that you're seen as a partner in every new piece of technology that the business wants to come out with. And understand that not all risk is bad.
Throughout COVID, the business hasn't slowed down; if anything, especially in our industry, we were deemed essential workers. So the business is continuing to look for opportunities where we can innovate and find new avenues to generate revenue."
And Nick Falcone's thouhts:
"I think that collaboration has to be an active thing. We need to double down on the things that used to work. So when we were trying to collaborate with the business before dealing with innovative environments, our goal was always to move left in that project process. And I think that's only become more important. So the closer you can get to the idea stage, the better off you can be. And I think in a dynamic situation like this, many people are going to have many good ideas, and many of them are going to have the same good idea, but with 20 different vendors that they want to have implemented.
If you don't have some sort of structure to draw those people together and drive consensus, you just won't have the staff or the bandwidth to keep up. So I think that's the key thing, being able to build that trust, move left towards the idea phase, and then have some sort of a funnel that drives those innovators together so that you can actually have the bandwidth to work with them. If you don't have some sort of project structure committee, or whatever it is that drives those ideas together, I think you'll be in trouble."
Here is what Anahi Santiago shared with the audience:
"We're looking at innovative ways to respond and to enable business continuity. Whereas before, we really relied on just our downtime procedures. Let's go back to paper. Now we're saying we've got to work in Office 365, so we can communicate via Teams, our emails are still going to be accessible, our file shares are still going to be accessible. So how can we use those tools and technologies to continue to do work?
We're also thinking about mobile devices, how can we leverage mobile devices to maybe be able to get to our EHR, off network, without having to go to downtown procedures. Additionally, with the move to telehealth and virtual care, we've pushed a lot of our workflows not only towards our clinicians in their homes, but to the patients in their homes. We're now looking at providing patients with whatever technology we can leverage so that they can actually self-manage their care. And we can then enhance that care remotely.
And so those resiliency plans are now being shifted out to the cloud and away from our data center, which takes a little bit of creativity in terms of how we continue to connect the hospitals to the cloud and to our patients' homes. So lots of really cool stuff going on. We've got lots of folks with really great creative ideas and connect points. Governance around that is something that we are very keen on, because there is so much opportunity and not enough time. But resiliency work is continuous, and it's even more so now than ever because we're such a target. It's really at the forefront of everybody's priorities."
And from Eggleston:
"We have a corporate governance committee that looks into this type of thing. And it's been really helpful because there's always more things you want to do than your budget or your time will allow, and that's a really good place to be. I've talked about this other times, about how important resiliency is, and more and more security professionals are seeing this, as well. You pretty much assume you're gonna get breached. I get that it helps you think about resiliency, or how you might recover—release a different way of thinking."
A different and better way to help security teams enable business and innovation, securely.