Cyber Security
A CISO's journey to Security Transformation begins with 7 Considerations
M By Magda Lilia Chelly Managing Director of Responsible Cyber Pte.
agda Lilia Chelly is a CISO On Demand. Magda' latest two projects covered the roles of a Regional ISO Lead Implementer for a Fortune 500 (ISO 27001:2013) and an Information Security Officer role for a MAS (Monetary Authority of Singapore) regulated company covering Asia Pacific. Those projects gave her all the required expertise around regional and global regulatory landscapes, including privacy and cyber security legislations. It did also provide the experience of building standards, policies, aligning with local, regional and international requirements and regulations, including PDPA, GDPR, Cyber Security Act of Singapore, etc. Cyber Security transformation is a Cultural Change, and among experienced challenges by CISOs, we find business and employees’ resistance to change. It does affect the overall cyber resilience roadmap and the general cyber maturity of the company. So, what are the best and quick
40 | Australian Cyber Security Magazine
wins to overcome those barriers? Magda will share her own experience, failures and successes rolling out new cyber controls, from start-ups to Fortune 500 companies. This has been a really busy year for myself with all the emerging new cyber threats and my continuous responsibilities across the Asia Pacific region. I sometimes felt like I have done in a period of three years, what would be equivalent of 10 years. I have been constantly challenged and overwhelmed by requests from various business departments, or business lines following increasing cyber security controls within the organizations. And, this was definitely a very rich experience up to date. I have started my CISO journey with being a Chief Information Security Officer (CISO) for start-ups and small size companies. This would rather therefore be the equivalent of a security advisor role as those companies do not usually have extensive resources to manage. That said,
