Cyber Sentinels October 2022

Page 1

VOLUME 08 | ISSUE 27 | OCTOBER 2022 SPECIAL SUPPLEMENT BY THROUGH THE METAVERSE CXO s AND CISO BRIDGING LinkShadow is leveraging the Metaverse platform to showcase enterprise vulnerabilities in larger than life presentations to CXOs LINKSHADOW
FADI SHARAF
EL-DEAN Regional Sales Director, LinkShadow
FLIPPING TOWARDS INNOVATION Phone: +1 (732) 794-5918 | Email: hello@opxtechnology.com | www.opxtechnology.com Cloud & Digital Transformation ERP on Cloud Cyber Security Solutions Analytics & Automation AI & ML as a Service YOUR PARTNER FOR

EDITORIAL

Outgrow to Outsmart!

On September 28, UAE officially said goodbye to masks! Does this mean the virus is gone forever?

We know the answer.

One of the greatest traits of being human is that, we can evolve with practice and wisdom. Once we are hit by a calamity, steadily we come up with ways to either cope with it or co-exist with it, if not eradicate it. Such is the case with the Pandemic, we all have somehow learnt how to fight the battle. We have to outgrow to outsmart the virus.

MANAGING DIRECTOR

Tushar Sahoo tushar@gecmediagroup.com

CO-FOUNDER & CEO

Ronak Samantaray ronak@gecmediagroup.com

GLOBAL HEAD - CONTENT AND STRATEGIC ALLIANCES

Anushree Dixit anushree@gecmediagroup.com

ASSISTANT EDITOR

Rehisha PE rehisha@gecmediagroup.com

SALES

Richa S richa@gecmediagroup.com

Anuradha Basu anuradha@gecmediagroup.com

Ines Ben Rejeb ines@gecmediagroup.com Ph: + 971 555 120 490

Production, Circulation, Subscriptions info@gecmediagroup.com

COMMUNITY COMMUNICATIONS

Gurleen Rooprai gurleen@gecmediagroup.com

Jennefer Lorraine Mendoza jennefer@gecmdiagroup.com

OPERATIONS LEAD Omair Khan omair@gecmediagroup.com

DIGITAL TEAM

IT MANAGER Vijay Bakshi

ANUSHREE DIXIT

Anushree@gecmediagroup.com

With technology getting more complex, the battle between the hacker and the security experts is just intensifying. In this scenario, business have no choice but to put a fair amount of expertise, time and investment in raising the security standards of the organization. In 2023 experts are predicting IoT vulnerabilities, state-sponsored cyber warfare and remote work and distributed team to be the biggest concerns for organizations. The world is still returning to normal and the post-covid era is still in its early unsure stage. Consumers are seeing a significant shift in the way the internet works, behaves, and how connected we are. We are more dependant on technology than ever before, so safety and privacy will be at the forefront. Hence, it becomes imperative that business continues to invest more in educating the stakeholders and build a more resilient workplace.

Dr. Srijith Nair,Director of Data Protection & Privacy Engineering at Careem Networks says, “Being able to balance investments in security across these existing and new and emerging threats while at the same time educating the business on the importance of security hygiene and the ability to respond to security incidents in presents complex challenges.”

Our cover feature this issue features Fadi Sharaf El-Dean, Regional Sales Director, LinkShadow who talks about how LinkShadow analytics powered by artificial intelligence is helping under-resourced security teams and network operations team stay ahead of adver saries. Talking about one of the modules of the analytics he says, “LinkShadow’s third module is the insights module for CXO visibility. The purpose of this module is to give the C-level management, visibility into real- time compilation of the overall security status of the entire network and the capability to dive into details. They will get a performance-based analysis of all security investments to identify and monitor security metrics of importance to them and enhance their decision-making capabilities. And all of this through a very different way,”.

Summarizing all the thoughts, the CISOs and solution providers are all pointing in one direction. We need to be ahead of the game. We need to outgrow the existing legacies and think beyond what is normal and visible to the naked eye. Outgrow to outsmart!

As we speak, Global CISO Forum is all set to host the first-ever annual conclave of the CISO Forum in Pattaya, Thailand on Nov 22-24. As a curtain raiser to the much-awaited GCC Security Symposium and CISO Awards Roadshow in 2023, this ultimate networking evening and gala dinner hosted by Global CISO Forum, will bring together the top CISOs and Security Heads from the GCC to celebrate, engage and socialise with partners and peers.

Waiting is wasting, join us today!

DIGITAL CONTENT LEAD Deepika Chauhan CREATIVE LEAD Ajay Arya DESIGNER Rahul Arya ASSISTANT DESIGNER Vikas Chandra DESIGNED BY

PRINTED BY

Al Ghurair Printing & Publishing LLC.

Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE

SUBSCRIPTIONS

info@gecmediagroup.com

Office

G2 Circular Building , Dubai Production City (IMPZ) Phone : +971 4 564 8684

31 Foxtail Lan, Monmouth Junction, NJ - 08852 United States of America Phone No: + 1 732 794 5918

A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE @copyright 2013 Accent Infomedia. All rights reserved. while the publishers have made every effort to ensure the accuracyof all information in this magazine, they will not be held responsible for any errors therein.

No #115, First Floor

FADI SHARAF EL-DEAN Regional Sales Director, LinkShadow

COVER FEATURE

ENTERPRISE SECURITY DASHBOARDS FOR CISO s

CYBER RISKS IN THE ERA OF DIGITIZATION

THE BARRIERS IN THE JOURNEY OF DIGITAL TRANSFORMATION

DIGITAL TRANSFORMATION : ARE BUSINESSES READY TO ADOPT NEW TECHNOLOGIES?

SECURITY OFFICERS IN NEED OF CLOUD SECURITY EXPERTISE

TOWARDS A MORE SECURE CYBERSPACE!

BUILDING A STRONG AND SECURE CULTURE

CYBER ATTACK VS.DATA PROTECTION

THE CHALLENGING ROLE OF A CISO!

BUILDING RISK MITIGATION SKILLS FOR THE FUTURE?

END-TO-END SECURITY SOLUTIONS

WHY DO WE NEED TO BE AWARE OF INCREASING THREATS IN THE DIGITAL WORLD?

BLOCKCHAIN AND CYBER SECURITY: WHAT DOES THE FUTURE HOLD?

SECURITY CHALLENGES IN A DIGITALLY TRANSFORMING WORLD

48-49

VOICE YOUR CONCERN FOR A ROBUST FUTURE

EDITOR’S PAGE
EXPERT BYLINE
CISO OPINION CORNER
CONTENTS OCTOBER 2022
42-46
06-41 05OCTOBER 2022

CYBER RISKS IN THE ERA OF DIGITIZATION

Please describe your job role?

Leading the global Cybersecurity operations for the digital space of the company covering IT, OT, IoT, and IIoT to sustain the continuity and growth of the business. My responsibility covers (but is not limited to),

1) S etting the strategy of Cybersecurity with required business plans and initiatives.

2) Establishing required Cyber Security governance, policies, and frameworks.

3) Sustain Ma’aden Cybersecurity posture to comply with leading Cybersecurity best practices.

4) Ensure availability, confidentiality, integrity, and auditability of Ma’aden’s digital assets.

5) Eliminate adverse impacts of cyber-threats on Ma’aden’s business operations.

6) Ensure conformity with the laws, regula tions, and standards applicable for local and global operation.

7) Preventing non-repudiation of technologybased activities.

What are the most important and critical aspects of your job role?

Sustain the continuity and growth of the business.

What are the typical challenges faced by a chief

security officer in large and medium enterprises?

l Global shortage of cybersecurity skillsets and resources.

l Poor solid Business continuity plans.

l Lack of cybersecurity involvement in New Projects.

l Absence of data classification and data management program.

l Lack of cybersecurity awareness.

l Legacy and obsolete systems and technol ogy designs.

l Lack of adequate OT Security Technolo gies and monitoring tools in the market.

l Inadequate incident response plans and protocols.

CISO PROFILE
“Digital transformation needs to be considered as a business risk driven by the increasing business demands for automation and digitalization which create the Risk.”
JAD H. ABDULSALAM Chief Information Security Officer, Saudi Arabian Mining Co. (Ma’aden Group)
06 OCTOBER 2022

l No Proper due diligence was conducted on third parties to confirm their security levels.

l Failure to comply with regulatory requirements.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

l Strong technical background in technolo gies and digitization.

l Business oriented and capable to link Cyber-risks to organizational targets and objectives.

l Expert in Risk management.

l Fully aware of local and global regula tions, mandates, standards, and best practices.

l Strong communicator and influencer.

l Strategic thinker and business enabler.

l Proactive, not reactive.

l Zero-trust mindset.

How do you define digital transformation?

Creating value through technology, automa tion, and digitization.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation needs to be considered as a business risk driven by the increasing busi ness demands for automation and digitaliza tion which create the Risk.

How is digital transforma tion impacting the job role and department responsibilities?

With more innovative digitization, Cyber-risk increase and get more sophisticated which requires specialized skill-sets, additional resources, and investments.

Specifically, what are the challenges and opportuni ties created by digital trans formation including IoT, cloud, and mobility, for chief security officers?

Challenges,

l More and new resources and capabilities to be added/embedded

l Compliance with regulatory requirements

l Skill-sets

l Complicated designs and overwhelming the environment with more security controls

Opportunities,

l Apply more standardization and architec tural designs

l Improve the ability to expand security visibility and monitoring on all assets

l Cyber-risk can create positive poten tials for business optimizations and improvements

In general, looking at the present and future technology landscape, what are the upside and downside of cyber security solutions?

l Apply more opportunities for standardization.

l Support and improve the sustainability of growth and business continuity organi cally and inorganically.

l It also can limit the growth plans due to global regulations and mandates.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

l Provide more business-driven insights when they provide their solutions and how they can support the growth of an organi zation, not focusing only on their solutions capabilities and what it can protect.

l Invest more in AI and machine learning for security to provide more intelligent vis ibility, which can support decision making and minimize operational efforts & costs.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

l Think as a partner not as a vendor to build long-term relationships with your customers.

l As of today, GCC and Middle East regions are evolutionary booming in all fields which require more presence and invest ments from Cybersecurity providers to build the capabilities. ë

CISO PROFILE
07OCTOBER 2022

THE BARRIERS IN THE JOURNEY OF DIGITAL TRANSFORMATION

Please describe your job role?

My job role is to build, maintain and execute a governance pro gram to ensure that my organization operates at the highest level with its policies, standards, and guidelines as well as government regulations and industry best practices. Establish a policy lifecycle management process and apply it to all policy-related documents owned by the Information Security Department as well as ensure adherence with policies, standard implementation guidelines with technology, business-aligned development groups, and other stakeholders.

Moreover to develop security risk management and measurement

solutions (KPI/KRI), and to develop talent within the team by provid ing guidance and coaching to achieve the defined goals.

What are the most important and critical aspects of your job role?

Achieving enterprise-wide security needs, identifying, reporting, and controlling incidents, monitoring threats and taking preventive measures, managing and training security personnel, and communicat ing continuously are some of the critical aspects.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

It is important for CSO to understand that they face threats both inside and outside of their organizations, ranging from the most common tasks such as employee management, retention, and training to the

“Digital transformation is challenged by inadequate resource management planning and inadequate IT resources.”
AMIN M SIDDIQUI SVP, Head of Cybersecurity Governance and Risk, Government Confidential
CISO PROFILE
08 OCTOBER 2022

UNLEASH DIGITAL

HUAWEI at GITEX GLOBAL 2022

Visit us at Za’abeel Hall 1, Dubai World Trade Center 10 - 14 October

Huawei GITEX Website

most sophisticated threats coming from outside. Aside from managing budgets and establishing ongoing business priorities, they are also responsible for ensuring that senior stakeholders are kept informed and well com municated with.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

In order to survive the digital transformation, CSOs need many essential skills.

As such changes take place, effective com munication and analytics skills will be essential for providing insights and sharing information across the organization.

In the long run, you'll also need data analysts to help you make better business decisions and ensures learnability, adaptability, and creativity.

By bringing in new roles and skills to the digital transformation, IT leaders have a huge opportunity to reimagine their workforce. Investing in their own abilities and bringing these skills to the workforce will enable CSOs to achieve true transformation. By integrating the skills your business needs today and in the future, you will not only help your business survive but thrive.

How do you define digital transformation?

Digital transformation is an umbrella term for the process of applying digital technologies to change business processes, cultures, and customer experiences in order to meet the changing needs of businesses and markets. This reimagining of business in the digital age is digital transformation.

According to you, how does digital transforma tion affect the security posture of any business?

It has a significant impact on the way a business operates, resulting in fundamental changes. In every industry, digital transfor mation is beneficial and is gaining traction: it helps modernize legacy processes, speeds up workflows, strengthens security, and helps businesses become more profitable.

How is digital transfor mation impacting the job role and department responsibilities?

With the increase in the availability of data, analysis tools, and telecommunications, workers have been able to devote their attention more often to social interactions, collaboration, continuous improvement, and innovation. With technology making a great deal of high-skill jobs more intrinsi cally motivating, more tasks, skills, and a more decentralized work environment are possible.

Specifically, what are the challenges and opportu nities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

Digital transformation is challenged by inadequate resource management planning and inadequate IT resources. In terms of IT resources, a lack of workforce and a talent war are two issues that impede successful digital transformation.

In general, looking at the present and future technol ogy landscape, what are the upside and downside of cyber security solutions?

In addition to providing enhanced cyberspace security and improving cyber resilience, cyber security enables businesses to protect their data, information, and cyberspace more quickly. It protects individual private information, it protects networks & resources and tackles computer hackers and theft of identity.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

In summary, a cybersecurity consultant ensures the privacy of information, the accuracy of data, and access to authorized users. This brings us to focus on the 3 crucial aspects of security which are confidentiality, integrity, and availability of data collectively known as the CIA Triad.

At present, what advice or feedback or recommenda tion would you give cyber security solution vendors, channel partners, and consultants?

Taking a holistic approach to a company's secu rity setup, including threat modeling, specifica tions, implementation, testing, and vulnerability assessment, is crucial for any good cybersecurity professional. As well as operating systems, networking, and virtualization software, they also need to understand security issues. ë

CISO PROFILE 10 OCTOBER 2022

DIGITAL TRANSFORMATION: ARE BUSINESSES READY TO ADOPT NEW TECHNOLOGIES?

VAITHYANATHAN RADHAKRISHNAN Sr. Information Security Officer, Qatar Development Bank

Please describe your job role?

To develop and manage enterprise-wide secu rity programs aligning with business strategy and report to key stakeholders by prioritizing, quantifying, and addressing the value of exposed information and digital risks.

What are the most impor tant and critical aspects of your job role?

Protecting the bank’s digital assets from external and internal attacks and effective communication of the key digital risks to the executive management in a timely manner are critical aspects of my role.

What are the typical chal lenges faced by a chief security officer in large and medium enterprises?

With the rapid evolution of the technological landscape, the harsh reality is that security is not transformed at the same pace resulting in a growing attack surface with multiplied threats targeting the key digital assets through various digital entry points.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

VAITHYANATHAN RADHAKRISHNAN

As businesses are becoming more and more digital and agile, the CISO role is coming

Sr. Information Security Officer, Qatar Development Bank

CISO PROFILE
OCTOBER 2022

under pressure to demonstrate their agility and ability to learn new skills and technologies. However, the key management skills of the CISO remain the same which is balancing information security and business agility by demonstrating leadership with effective risk prioritization & communication skills.

How do you define digital transformation?

Digital enablement or transformation at the core is the organization’s overall performance boosting strategy to improve customer experience and existing business models through process digitization with key trending technologies with optimized talent manage ment resulting in improvement of 3 key pillars i.e. the operational process, business model, and customer experience.

According to you, how does digital transformation affect the security posture of any business?

As part of digital transformation, enterprises tend to adopt new technologies such as cloud computing, robotic process automation, and

AI & data science products that will provide a gate pass for new suppliers to enter the organization resulting in substantial changes to the organization’s security posture. As the security leader, it is paramount that CISO play an integral role throughout the journey by inculcating security at every checkpoint.

How is digital transforma tion impacting the job role and department responsibilities?

Optimized productivity with efficient resource management is one of the key benefits of digital transformation. With the advancement of technology such as RPA, employees can now move away from their manual processes. For example, automated payroll by HR, customer interaction through bots and AI, etc. will allow the business leaders to focus on other opportunities for improvement.

Specifically, what are the challenges and opportunities created by digital trans formation including IoT, cloud, and mobility, for chief security

officers?

Digital transformation presents plenty of opportunities to experiment with new innova tive technologies & tools during the process of digitization which will ultimately result in resource-centric issues.

The major challenge would be the lack of proper internal IT skills to manage the transformation skillfully. Another pushback is to have privacy and security concerns as most digitization efforts involve cloud transforma tion and deployment of data intelligence platforms resulting in data-centric issues.

In general, looking at the present and future technology landscape, what are the upside and downside of cyber security solutions?

With the right choice of solutions to enhance cyber resilience, there are many advantages such as enhancing the overall cybersecurity posture by protecting sensitive data and its resources, regulatory compliance, and improv ing brand trust and reputation. However, there are a few disadvantages as cybersecurity can be too expensive to set up and manage which will also result in increased complexity of the data flow.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

As a customer, we expect our cybersecurity suppliers to demonstrate that they adopt stringent security measures and must have detection capabilities to recognize their exposure to client infrastructure or data and take preventive steps of mitigating the risks of exposure in a timely manner.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

As a general recommendation, our cyberse curity suppliers are advised to build a strong understanding of region-specific regulatory requirements in connection to security and privacy before offering the services or solutions such as the Software as a Service (SaaS) model considering the data sover eignty & residency. ë

CISO PROFILE
“Optimized productivity with efficient resource management is one of the key benefits of digital transformation.”
13OCTOBER 2022
© 2022 Riverbed Technology LLC. All rights reserved. Illuminate, Accelerate & Empower Every Digital Experience Visit Riverbed Technology to explore two industry-leading portfolios that drive enterprise performance and exceptional digital experiences. With Alluvio™ Unified Observability, transform data into actionable insights to deliver seamless, secure digital experiences for customers and employees. With Riverbed Acceleration, provide fast, agile, secure acceleration of any app, over any network, to users everywhere. Learn more at riverbed.com. Riverbed. Empower the Experience Location: Concourse 2 – Stand CC2-26 Dubai World Trade Center 10th – 14th October 2022

SECURITY OFFICERS IN NEED OF CLOUD SECURITY EXPERTISE

Please describe your job role?

In general, the role of CISO at Al-Amthal Financing is an executive-level role, responsible for developing and imple menting risk-based information security programs that aligned with the business objectives and Risk Appetite Framework. The roles also include information security governance, information security architecture, physical security governance, data governance, and overseeing all IT and security operations. Moreover to ensure the safety of people, the privacy of personal data, Confidentiality, Integrity, and Availability of the business informa tion assets.

“The need for competencies and skills in cloud security, machine learning, artificial intelligence, and third-party management will be required in information security departments as a result of DT.”
CISO PROFILE
MOHAMMED FAYEZ ALSHEHRI Chief Information Security Officer, Al-Amthal Financing Co.
15OCTOBER 2022

What are the most important and critical aspects of your job role?

The most important aspects of the CISO role to ensure the effectiveness of the role from my point of view are including but are not limited to: clear segregation/independency between CIO/CITO and CISO role, clear and support ive authority matrix, effective and well-written roles and responsibilities and building strong and solid security governance followed by effective enforcement and monitoring.

What are the typical chal lenges faced by a chief security officer in large and medium enterprises?

There are many challenges faced by the CISO role, some of them as follows:

l With evolution of threat actors, they are getting smarter and faster.

l Expansion in the attack surface/threat

vectors; duo to the business becoming increasingly tech-savvy.

l Shortfall in information security talents and the high ratio of turnover among information security personnel at all levels.

l Compliance with national and interna tional cybersecurity, privacy, and data regulations and frameworks.

l Commitments and support from top management in the organizations.

l Keeping up to date with emerging technologies like FinTech and BlockChain, and the cyber threats or vulnerabilities that came alongside them.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

With the emerging technologies and techni cal revolution nowadays including digital

transformation, processes automation, AI, BlockChain, cloud, and quantum computing which almost become essential for businesses to achieve successfully the customers’ satis faction and expected ROIs. CISO role com bines technical skills with leadership skills and good personal characteristics. Therefore, the following skills and characteristics shall be considered by anyone who wishes to hold a CISO role and be a successful CISO:

l Strong technical background

l Strong understanding of regulatory and legislative requirements

l Strong business acumen

l Robust communication skills

l Leadership skills

l Recruitment and Talent Management skills

l Research skills

l Risk Awareness

l Friendly and approachable

l Patience

l Commitment to ethics and due-care

l Supportive and being an added value

How do you define digital transformation?

I define digital transformation as a business enabler. It enables businesses to improve productivity and business continuity and minimize operation resources (people, time, and costs) through technology integrations and process automation. Rising the efficiency and accuracy of business operations by enabling data-driven decisions. Enhancing the customers’ experience and customer satisfaction. In addition, digital transforma tion reduces greenhouse gas emissions and enable a more circular economy.

In short, DT is enabling businesses to pro vide its services in a faster, smarter, cheaper, accurate, and sustainable way.

According to you, how does digital transformation affect the security posture of any business?

Of course, the Information security risk is an integral part of digital transforma tion. As digital transformations alter the organization’s attack surface, those changes need to be assessed for any security gaps. CISOs with companies undergoing digital transformations shall adopt practices to manage risks related to digital transforma tion. Noteworthy, many regulatory entities in Saudi Arabia like the Central Bank of Saudi Arabia (SAMA), National Cybersecurity

CISO PROFILE
16 OCTOBER 2022

Authority (NCA), and Digital Government Authority (DGA) have established strategies, policies, frameworks, and practices for digital transformations including security controls and requirements.

How is digital transformation impacting the job role and department responsibilities?

Digital transformation should not impact the CISO role and information security function’s responsibilities; as successful information security professionals are usually adapting with business and market need. With Digital Transformation, CISO roles and responsibili ties will be slightly altered, as responsibility for day-to-day security operations will be decreased, and participation in strategic, crucial business decisions will be at a greater level. The need for competencies and skills in cloud security, machine learning, artificial intelligence, and third-party management will be required in information security depart ments as a result of DT.

Specifically, what are the challenges and opportunities created by digital trans formation including IoT, cloud, and mobility, for chief security officers?

Opportunities created by Digital Transformation:

l More involvement of information security in business decisions as CISOs plays a critical role in successful digital transformation.

l Emerging information security is a strategic business issue, which will lead to more authority and influence.

l More enablement of information security.

l Minimizing operation costs.

Challenges created by Digital Transformation:

l More threat landscape which leads to more risk exposure.

l Monitoring of security posture.

l Device management, Security Keys management, API security management.

l More dependency on foreign/ global technologies, with no international regulations to ensure its availability and support even during international struggles.

l The need for constant monitoring.

In general, looking at the present and future tech

nology landscape, what are the upside and downside of cyber security solutions?

Cyber security solutions can give the company broad digital protection, which allows flex ibility in accessing the internet by the staff and ensuring the safety and protection from possible cyber security threats and risks. Cyber security solutions can provide trust and a sense of assurance, but it might be a false and deceptive feeling. Without business needs, sufficient integration between solutions, ease of admin istration, and right monitoring; cyber security solutions will represent complications and even lack of security.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

I expect vendors to provide solutions that can be integrated with other security technical controls, expect simplicity of the provided solutions, support when needed, understanding of the business needs and regulatory and legislations requirements, and pricing fit with the size of targeted customers. I expect partners and con sultants to understand the need in the market to be filled by them. I expect them to provide help when in need to enhance overall security posture. And to remember honesty, integrity, and trust are the fundamental characteristics to

establish and maintain a long partnership.

At present, what advice or feedback or recommenda tion would you give cyber security solution vendors, channel partners, and consultants?

I advise vendors, partners, and consultants to maximize their reachability for current and potential clients regardless of the size and/or industry of the client.

Cyber security solutions vendors shall con sider the client’s size in their pricing, and provide scalable solutions that can fit all businesses depending on their needs and size. In addition, vendors should maintain their customers’ suc cess by ensuring sufficient support is provided when needed, providing a health checks, fine-tuning, and ensuring the effectiveness of the security solutions provided. Cyber security solutions vendors need to consider compliance with Saudi Arabia’s cyber security regulations and legislation to maintain their clients in the kingdom. I recommend the vendors consider training initiatives on their security solutions on yearly bases which can be considered as part of the marketing strategy.

I strongly recommend and advise cyber security partners and consultants, to consider honesty, integrity, and self-monitoring all the time, and understand the pain and business need before providing consultation or services. ë

CISO PROFILE
17OCTOBER 2022

TOWARDS A MORE SECURE CYBERSPACE!

Please describe your job role?

Apart from establishing the necessary frameworks and processes to secure the organization’s digital assets, I’m also reasonable for overseeing security and governance practices within the organization in addition to enabling the practices for risk-free and scal able business operations within the organization’s landscape.

CISO PROFILE
“Setting up a sufficient InfoSec team that monitors and treats internal and external risks continuously and allocating the right resources is one of the biggest challenges for any organization”.
RASHID ALMUAWADA Head - Information Security, Ajman Bank PJSC
18 OCTOBER 2022

What are the most important and critical aspects of your job role?

Information security has always been and will always revolve around the three pillars of security (Confidentiality, Integrity, and Availability). Anything directly contributing to or impacting any of these three is considered a critical aspect.

What are the typical chal lenges faced by a chief security officer in large and medium enterprises?

With hackers and cyber risks arising globally, most CISOs find themselves overwhelmed with operational and regulatory processes that might deviate their attention from the real threat factors that lie outside their organiza tions. Setting up a sufficient InfoSec team that monitors and treats internal and external risks continuously and allocating the right resources is one of the biggest challenges for any organization, not only the CISO.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

When it comes to digital transformation, CISOs need to be on top of the chain and understand that no organization can go forward without effectively evaluating and measuring,

l Domain

l Processes

l Business model

l Organizational/cultural aspect

Ideally, CISOs must use their expertise and skills to outline where the organization is at risk at every digital touchpoint, usually done by identifying where new technologies will be connected and the ways that different parties are interacting with it within the larger frame work. That’s where the CISOs understanding the business and its critical elements come into place. After all the CISOs are a business enabler and not a show stopper, we aim to approach issues in much secure and organized way.

How do you define digital transformation?

A journey that involves utilizing digital technologies to create new or modify existing business processes, culture, and customer expe riences to meet changing business and market requirements by focusing on 4 main elements:

l Empowering and educating employees

l Engaging customers

l Optimizing operations

l Improving overall services and products

According to you, how does digital transformation affect the security posture of any business?

The digital transformation that doesn’t involve security from the earliest planning stages will leave the organization open to some real cybersecurity risks. Here are some few things to keep in mind,

l Digital transformation increases exposure to attack by expanding the attack surface

l Digital transformation increases reliance on third-party suppliers

l Rushed digital transformation program mers may fail to protect what matters most

How is digital transforma tion impacting the job role and department responsibilities?

Many organizations still approach security in a static way that relies heavily on international standards and regulations, not to neglect the importance of such but the current security ecosystem requires us to be dynamic. More over, it adopts the latest technologies and services that enable accurate visibility of the organization’s external and internal assets. Training and awareness is a crucial part in the transformation, as a department the aim is to orchestrate and develop an agile and dynamic security program catering for such factors by adopting new technologies that support this journey and educating the people revolving around it.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

In general, the challenges would be summed up as follows:

l Involvement: Organizations need to involve information security from the beginning to avoid any unwanted risks arising from acquiring/implementing and developing a new product.

l Education and Awareness: Educate people on the importance of security in digital transformation.

l 3rd party/vendor: Securing the supply chain.

l Resources/capacity management: Security teams need to be up to date with regards to the cyber security scene globally, everything is now connected and can be exposed.

In general, looking at the present and future technol ogy landscape, what are the upside and downside of cyber security solutions?

Digital transformation involves doing more with technology. As organizations transform, they will use more cloud services, AI products, big data analytics, Internet of Things (IoT) devices, and more. This opens the doors for better services and faster connectivity in addition to better customer service, in turn, increases their exposure to cyber attackers who use the connectivity of these programs and services to access networks and exploit any vulnerabilities they can find.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

Although third-party collaboration offers a host of benefits such as increased speed, high efficiency, and greater agility. Several risks surround this collaboration and it may feel daunting to require suppliers to adhere to security standards, but vendor security is key to protecting the digital transformation. Supplier risk assurance should become a part of the procurement process for all vendors, from the chosen cloud provider to the simplest SaaS product.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

We realize the level of risk inflicted by engaging an insecure third-party service provider or a cloud service that increases the chances of reputational damage to an organization. As digital transformation processes are adopted across different industries, vendors must support their products and service by implementing secure digital practices to stay ahead of the crowd. ë

CISO PROFILE 19OCTOBER 2022

BUILDING A STRONG AND SECURE CULTURE

Please describe your job role?

The role focused on the development and implementation of cybersecurity strategy, roadmap, enterprise architecture, and governance while ensuring the national and international regulatory require ments have complied.

What are the most important and critical aspects of your job role?

Aligning cybersecurity to business objectives and goals while ensuring the smooth implementation of cybersecurity programs to safeguard the organization

from emerging threats and maintain business resiliency.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

Developing a secure culture is a major challenge we face in numerous organiza tions due to a lack of understanding and importance of cybersecurity, along with those financial restrictions imposed by the board as cybersecurity consumes the cost from the operation expenditures to maintain the resiliency.

“Developing a secure culture is a major challenge we face in numerous organizations due to a lack of understanding and importance of cybersecurity”.
CISO PROFILE
20 OCTOBER 2022
DR. HUSSAIN ALDAWOOD Chief Information Security Officer, Arabian Drilling Company

What are the key skills required for an ideal chief security officer in this age of digital transformation?

As technology keeps evolving, cybersecurity officers need to evolve around taking the advantage of digital transformation. The position of CISO demands to have strategic and influential understanding by enabling & embracing change through digital innovation while breaking the silos to stay ahead and pace in the market.

How do you define digital transformation?

Digital transformation is making use of technology and integrating various functions to improve overall areas of business, funda mentally changing how we operate and deliver value.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation brings immense value to the business and the flexibility with which it may operate. However, it also introduces numerous risks, for example, integrating your services using API for the public may

bring risks related to the data it’s being processed and so on.

How is digital transformation impacting the job role and department responsibilities?

It is easing the functional task to correlate with the help of integration and offering features to share the common services and get the advantage of them at the same time.

Specifically, what are the challenges and opportuni ties created by digital transfor mation including IoT, cloud, and mobility, for chief security officers?

From the perspective of the services, the value being added is immense. However, the challenge remains to adhere to the security principles as the focus of digital transformation is to expedite the process and offer greater value, but it’s been done at the expense of exposing the security.

In general, looking at the present and future technology landscape, what are the upside and downside of cyber security solutions?

Technology always helps to ensure that the

controls are extremely effective, and the only challenge is the lack of expertise available to manage such complex technologies.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

The solution vendors need to invest in their research and development and must be up to date with the latest and emerging threat vectors as organizations like ours and experts are relying on them to apply the controls to safeguard our security posture.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

I would appreciate it if all vendors can make the learning of their products free instead of paying for their training because eventually, they are gathering the financial benefits from helping organizations to apply their solutions. It would only help the community to develop more expertise and provide the opportunities at the same time to learn, grow and apply. ë

22 OCTOBER 2022
CISO PROFILE

Your SASE - safe digital transformation partner Cloud first and future focused, to the EDGE & beyond

Play safe across blurring boundaries Cloud First, SASE, Sovereign, NOC & SOC Global Command Centres

Dare to dream big, even as you stay grounded, secure and cyber secure Network Operations Center (NOC) and a Security Operations Center (SOC)

The right partner for cybersecurity and compliance in the Cloud that aligns with your unique business goals to the edge and the Future.

Global IT solutions provider since 2000 Trusted by 1000+ clients in 15 countries.

Now, an “Emerging solutions leader in Cloud and Edge technologies” Get in touch with us marketing@3i-infotech.com www.3i-infotech.com

CLOUDQUALITY ASSURANCE DATA INSIGHTS SASE 5GCOGNITIVE COMPUTING

CYBER ATTACK VS.DATA PROTECTION

Please describe your job role?

My job role includes managing the day-to-day Cybersecurity operational activities, technical risk management, implementation of security solutions, and vendor management.

What are the most important and critical aspects of your job role?

The most critical part of my job role would be to ensure end-to-end protection of data and assets in the infrastructure against rapidly changing threat vectors, especially when considering the

extended attack surfaces of the organization in the recent past.

What are the typical chal lenges faced by a chief security officer in large and medium enterprises?

Apart from the traditional challenges, there are many new areas of challenges where organiza tions are largely adopting cloud-based solutions and infrastructure, which demand organizations to extend the areas to be protected and to be compliant with their existing governance policies.

Also, since the post-pandemic, there has been a

“In the current threat landscape, the adaptation of the latest technologies and improvisation of methodologies
CISO PROFILE
JIJISH GOPI Cyber Security Officer, Dubai Government Entity
24 OCTOBER 2022

drastic spike in the threat levels towards these widespread infrastructures where there are more challenges in securing remote end users.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

The major skill required would be to plan and execute the pre and post-requirements for the digital transformation. The most important part is the discovery of business processes and assets for mapping into the technology so that the right solutions can be adapted to achieve the goal. Since digital transformation is a major cultural change in the overall company, engag ing and training the employees to adapt to the new changes is very critical.

How do you define digital transformation?

In a simple sentence, it is a change that companies adapt to their environment to ease their business process by combining various technologies which can help to speed up and automate the business processes.

According to you, how does digital transformation affect the security posture of any business?

In my opinion, digital transformation will help organizations accelerate their processes and procedures. As a result, businesses will be able to achieve and deliver their objectives with greater ease and speed.

How is digital transforma tion impacting the job role and department responsibilities?

In fact, digital transformation will help the job roles to improve their overall efficiency and will help to ease the efforts to deliver the expected outcome of each process. This will emphasize organization’s need to improve the existing skillsets in the departments and create new job roles.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

The digital transformation has created a bigger platform for technologies to work collabora tively to achieve business goals. This will assist organizations in thinking more creatively and effectively about improving processes so that new business strategies can be rolled out successfully to expand their business streams and add new portfolios. There are challenges related to the initial planning, implementation, skills shortages, increased dependency on the technology vendors, etc.

In general, looking at the present and future technology landscape, what are the upside and downside of cyber security solutions? In the current threat landscape, the adaptation

of the latest technologies and improvisation of methodologies are very critical. In the current scenarios, adversaries are reported to be using the latest machine learning and artificial intelligence technologies to compromise their targets. Hence, to confront such situations, continuous refined innovation and improvisa tion must be a part of every cyber security technology and methodologies. Having said that, the compatibility and adaptability of those technologies could be a challenge.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

The majority of the customers are expecting the vendors to provide them with innovative technologies that are capable and flexible enough to incorporate and deliver protection and detection against the drastically changing threat landscapes.

At present, what advice or feedback or recommenda tion would you give cyber security solution vendors, channel partners, and consultants?

From the client’s perspective, we would be expecting a solution provider rather than just a traditional box seller who provides continuous and flexible support against cyber threats to achieve a cyber-hygiene environment to grow the business for everyone. ë

CISO PROFILE 25OCTOBER 2022

THE CHALLENGING ROLE OF A CISO!

Please describe your job role?

I am working as a Chief Information Security Officer and I am an expert in Cyber Security skills. I have professional-level skills in relevant Cyber Security policies, different data protection techniques, and protective measures. In my job, I manage Network Monitoring, whole infrastructure, and IT Security including incident management and forensics especially in business and corporate settings. I am also working with multiple systems such as Vulnerability Management (Vulnerability Scans and Web App Scanning), Network Security and Monitoring, Cloud Technologies, etc.

What are the most important and critical aspects of your job role?

The most important and critical aspects of my job as a Chief Informa tion Security Officer are as follows:

l Managing business continuity and disaster recovery

l Promote a culture of strong information security

l Managing vendor relationships

l Utilizing cybersecurity budgets effectively

Overseeing cybersecurity personnel within the organization

l Cybersecurity awareness and training

“With continuing digital transformation, the focus of the CISO is shifting, and the role is quickly becoming more tactical and prominent”.
CISO PROFILE
l
MUATH ALHOMOUD Chief Information Security Officer, Smart Digital Payments (FinTech)
26 OCTOBER 2022

What are the typical challenges faced by a chief security officer in large and medium enterprises?

The Typical challenges faced by a Chief Information Security Officer are as follows:

l Implementing and overseeing your organization’s cybersecurity program

l Aligning cybersecurity and business objectives

l Reporting on cybersecurity

l Monitoring Incident Response Activities

l Managing business continuity and disaster recovery

l Promote a culture of strong information security

l Managing vendor relationships

l Utilizing cybersecurity budgets effectively

l Overseeing cybersecurity personnel within the organization

l Cybersecurity awareness and training

What are the key skills required for an ideal chief security officer in this age of digital transformation?

l Data Analytics, Software Development, Machine Learning, Data and Digital Security, Mobility Management, and Leadership Quality

l Compliance

l Governance

l Risk management

l Incident management

l HR management

l Additional domains

How do you define digital transformation?

Digital transformation is a modern concept that can take a customer-driven, digital-first approach to all aspects of a business, from its business models to customer experiences and to processes and operations. It uses Artificial Intelligence, automation hybrid cloud, and other digital technologies to influence data and drive intelligent workflows, faster and smarter decision-making, and real-time response to market disruptions.

According to you, how does digital transformation affect the security posture of any business?

There are a lot of things and concepts which

can affect Cyber Security and Information Security postures by using digital transforma tion. As we know customer expectations have been a prime driver in digital transformation. It starts when a rush of new technologies made new kinds of information such as:

l Mobile devices

l Social media

l The internet of things (IoT)

l Cloud computing

How is digital transforma tion impacting the job role and department responsibilities?

This is a very broad concept, digital transfor mation affect different job roles in a variety of manners such as remote working platforms, HR management, Sales, Marketing, Finance, and more. Each aspect of a business can be digitally transformed and made more efficient by streamlining it.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

Digital transformation has become an important initiative for many businesses and organizations, especially it has facilitated cloud technologies. As Cyber Security is the key concern of Digital Transformation, so it is the utmost responsibility of the Chief Infor mation Security Officer (CISO) to overcome all the problems of Digital Transformation connected with Cyber Security.

But as companies are growing faster and their development is taking steps into digital transformation and developing their IT infrastructure, the risks are changing, too. In a cloud-native world, developers push new code to production continuously. Organiza tions deploy applications via containers or functions in a matter of minutes, rather than days and weeks.

Usually, the CISO’s role has been to protect the organization from cyber threats and minimize risks that are associated with it but, with continuing digital transformation, the focus of the CISO is shifting, and the role is quickly becoming more tactical and prominent. Today, the role of the CISO is determined not only by whether the business hurts and losses because of a data breach but

also by how security preempts new initiatives and makes it possible to bring services and applications to market faster.

In general, looking at the present and future technology landscape, what are the upside and downside of cyber security solutions?

Upsides of Cyber Security Solutions

Protects personal information, protects and enhances productivity, prevents crashing of websites, support IT professional, organize data and information more effectively, threat reduction, compliance, and information governance.

The Downside of Cyber Security Solution

High-Cost of cyber security, the complicated nature of cyber security, the need for constant monitoring, difficulty in setting up the firewalls properly, slow down the system, and to preserve security updates.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

Channel firms, whether new to or expe rienced with cybersecurity, must avoid numerous pitfalls when purchasing security products. Channel partner executives who have successfully built cybersecurity practices said the key is to do your due diligence and keep your customers' needs in mind. For partners new to the security vendor landscape, it is advised that first talk to your customers about their specific needs. Partners should then research security products on social media so "you can hear practitioners talk about what's actually working for them."

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

The important feedback or recommendation is that a lot of current cybersecurity solutions are addressing problems for many years and do not have a cloud model. They are not following the proper cloud models, so it is necessary to follow proper cloud practices in order to avoid Cyber-attack. ë

CISO PROFILE 28 OCTOBER 2022

10-14 OCT 2022 DUBAI WORLD TRADE CENTRE

SHOW TIMINGS: 10 Oct - 11am to 5pm | 11 - 14 Oct - 10am to 5pm

THE WORLD’S LARGEST & MOST INFLUENTIAL TECH + STARTUP EVENT

NEXT

hype, it’s here.

Believe the
ENTER THE
DIGITAL UNIVERSE GET YOUR EVENT PASS
DIAMOND SPONSOR PLATINUM & LANYARD SPONSORTECHNOLOGY & DIGITAL PARTNER GOLD SPONSOR GOLD SPONSOR ATTENDEES BADGE SPONSOR INNOVATION PARTNER MAJLIS LOUNGE SPONSOR CONNEXIONS LOUNGE SPONSOR SILVER SPONSOR NEW NEW

BUILDING RISK MITIGATION SKILLS FOR THE FUTURE?

“Candidates must have sufficient experience dealing with security incidents and leading security operations at the mid-management level to be considered suitable for the CSO role.”
CISO PROFILE
ABDULLAH S. MARGHALANY CISO, Madinah Health Cluster
30 OCTOBER 2022

Please describe your job role?

I am working as a Cyber security chief officer. We just establish our cybersecurity depart ment and I am responsible to set up the team to build the strategy and make sure to comply with international law and guidelines in cybersecurity.

What are the most important and critical aspects of your job role?

Change Management.

What are the typical chal lenges faced by a chief security officer in large and medium enterprises?

How to make the users be your employee and change them from being the weak point in your system to being the biggest control.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

Continuous learning, adapting to the changes, listening to the employee, and knowing what and when they will invest (what kinds of tools he should buy). The CSO typically requires a combination of technical and soft skills to suc ceed in the job. Sound knowledge of security systems, computer networks, programming languages, cybersecurity hardware, and software is essential.

Strong research competencies are required for risk mitigation and regulatory compliance. Analytical thinking and problem-solving skills are necessary for incident response and crisis management.

Strong communication skills are essential to deal effectively with a variety of stakeholders, both internal and external. These include law enforcement agencies, homeland security, internal management, and employees of differ ent departments.

Leadership and management skills are also a must, given the seniority of this role. Candidates must have sufficient experience dealing with security incidents and leading security operations at the mid-management level to be considered suitable for the CSO role.

How do you define digital transformation?

Digital transformation is changing the business process and culture by using technical tools.

It is the exploitation of technology to achieve business goals and implements policies.

According to you, how does digital transformation affect the security posture of any business?

It is a big challenge but it is a chance to share with a business owner the risks and make the decision together.

How is digital transformation impacting the job role and department responsibilities?

It makes the role easier and faster with high quality and it helps for monitoring and review ing by using digital like implementing access management technology to assign and control the access to digital assets. Organization poli cies also speeds up the process and protects the employee from some human errors and there are some concepts that we can easily imple ment by using technology, like least to know and separation of duties.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

The heavy usage of these components without

making sure it is safe or without following the difficult conditions.

In general, looking at the present and future technol ogy landscape, what are the upside and downside of cyber security solutions?

The upside is the interest and concerns from businesses and governments about cybersecu rity. The downside is all the tools you need to develop and implement to protect one system and of course, any security countermeasure will affect immediate convenience and the flow of the work.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

Training and awareness program for all people, more support and more transparency about the effectiveness of their product.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

Be honest and invest more in support and working with your clients. ë

CISO PROFILE
31OCTOBER 2022

END-TO-END SECURITY SOLUTIONS

Please describe your job role?

Careem takes the security of customers, captains, and colleagues very seriously and in this role, I help to ensure that we implement adequate security controls to keep the data secure and that we are compliant with privacy regulations across the markets we operate in. As an extended role, I am also the Business Information Security Officer of Careem Pay, the payment service arm of the business.

What are the most impor tant and critical aspects of your job role?

The most critical aspect of my role is to ensure that we at Careem build strong protection and security controls around the data that we hold as part of doing our business. Doing so in a way that is both compliant, and honors the commitment we have towards our customers, captains and partners. At the same time allow the business to operate at scale and bring to market new offerings and product features that are both challenging and invigorating.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

In this rapidly changing digital landscape, Chief Security Officers face several interesting challenges. In fact, the multiplying threats in themselves present a big challenge to any CSO, be it the threats from the uncontrolled use of BYOD, insider threats, ransomware attacks, and attacks against the crown jewel of most businesses - the data. Being able to

DR. SRIJITH NAIR Director of Data Protection & Privacy Engineering, Careem Networks FZ LLZ

CISO PROFILE 32 OCTOBER 2022

How do you define digital transformation?

balance investments in security across these existing and new and emerging threats, while at the same time educating the business on the importance of security hygiene and the ability to respond to security incidents presents complex challenges. Security is often seen as a black box by the business and the ability of a CSO to unpack this and provide the necessary visibility to the C-level and to the Board often means the difference between the success and failure of security programs.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

Without saying, the CSO needs to have deep expertise in information/cyber security topics. In addition, the individual should be able to make a risk-informed decision on both technical and non-technical controls needed in the organization. An idea skillset would also include the ability to influence the broader culture around security across the organization. The ability to strategically place security as an enabler to the business would be of utmost importance in this age of digital transformation..

The reimagining of business (processes, culture, customer experience, and innovation) in the digital age to be relevant in the future.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation often involves a rethinking of process and technology. Security needs to be in sync with this transformation to not only ensure that new risks are mitigated but also to ensure that we are equally able to leverage this opportunity to rethink security.

How is digital transformation impacting the job role and department responsibilities?

Digital transformation enables the business to move at a faster pace and bring products and services to market faster. This directly impacts the role and security department’s responsibilities. Not only do we need to be able to move as fast as the business but at the same time, Security should also be trusted to highlight risks that have the potential to endanger the business.

Specifically, what are the challenges and opportu nities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

Cloud provides the opportunity to redesign security by leveraging the capabilities pro vided by the cloud providers, augmented by the in-house capability of the enterprise to build a secure scalable infrastructure for the business. IoT and mobility transformation programs provide a similar opportunity for security officers to re-envision a secure environment for such enabling technologies.

In general, looking at the present and future tech nology landscape, what are the upside and downside of cyber security solutions?

Most cyber security solutions are able to not only provide means to implement technical controls but also help explain the security posture improvement and some form of return on investment metric to showcase to the business. A downside of some of the solutions is that they are very specific and cover a niche area of focus, preventing the business from adopting a solution that provides broad coverage that also reduces overheads introduced by such solutions.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

Given the range of security problems that CSOs have to manage, it is imperative that the services and solutions provided are comprehensive and fit and work together. The ability to mix and match the features that an enterprise is interested is important to CSOs. The ability to provide a single pane of glass view across products and product features is also an important consideration for the CSOs.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

Same as above. ë

“Most cyber security solutions are able to not only provide means to implement technical controls but also help explain the security posture improvement”.
CISO PROFILE 33OCTOBER 2022

WHY DO WE NEED TO BE AWARE OF INCREASING THREATS IN THE DIGITAL WORLD?

Please describe your job role?

Majid Al Futtaim is a Dubai-based, regionally focused lifestyle conglomerate with a range of businesses including retail, malls, mixed-use communities, hotels, cinemas, and entertain ment. As the leader of data protection in the company, I am the strategic architect leading the information security, data privacy, and data governance programs at the organization. I oversee the strategy for these programs and help build the core capabilities to support our business objectives.

What are the most important and critical aspects of your job role?

Having a signature customer experience is at the heart of Majid Al Futtaim’s ethos. As such, having an effective and defensible information security management program is essential, not only to comply with the data protection laws but also to safeguard the trust of our custom ers. Accordingly, the most critical aspect of my role as a security leader in the company is to guide the organization in managing informa tion risks affecting the ability to achieve business objectives by mitigating the associ ated financial, reputational, and regulatory implications. This is achieved by focusing on the following key aspects:

l Protecting the company’s information assets against threats and cyber attacks

l Supporting the organization in maintain

ing compliance with the ever-evolving data privacy regulations

l Ensuring that the data landscape is defined and that the underlying data is of high quality, accessible, and used in compliance with applicable laws and internal standards

l Ensuring resilience and business continuity

What are the typical chal lenges faced by a chief security officer in large and medium enterprises?

Some of the common challenges faced by chief security officers in today’s highly dynamic business environment are:

CISO PROFILE
“The rapid advancements in new technology and the adoption of digital solutions have meant that the responsibilities of security departments have increased greatly in recent years.”
ISSAM ZAGHLOUL Head of Data Protection and Governance, Majid Al Futtaim Holding
34 OCTOBER 2022
POWERING CODING INGENUITY THE WORLD’S LARGEST MEET UP FOR THE DEVELOPER & CODING COMMUNITY Supported by Featuring the inaugural Gold Sponsor Silver Sponsor Founding Partners 10-13 OCT 2022 DUBAI WORLD TRADE CENTRE For delegate group booking, call Fahad Khalife at: +971 4 308 6805 | globaldevslammarketing@dwtc.com #GLOBALDEVSLAM GLOBALDEVSLAM.COM Sebastian Ramirez Montano Creator Travis Oliphant Creator of NumbPy & Co-Founder Pablo Galindo Salgado Physicist & Software Engineer - R&D Python Infrastructurea Ketan Umare Co-Creator of Flyte, Co-Founder & CEO USA USA Germany UK TECH PIONEERS ON STAGE DON’T MISS OUT, GET YOUR DELEGATE PASS

Inventory: Maintaining a comprehensive inventory of all systems, APIs, and data is the foundation for prioritizing and deploying controls consistently in the environment. While it may sound trivial, it is often very cumbersome in medium to large organizations.

l Business involvement: Some Chief Information Security Officers are victims of their own success. Because of the trust that their organization is putting in them, business leaders sometimes do not get actively involved in strategic risk management decisions. Chief information security officers should stick to their roots and focus on guiding the organization in managing information security risks in coordination with all relevant stakehold ers rather than managing the risk on their behalf.

l Complexity: The IT environment contin ues to become more and more complex with the advancement in technology and delivery modes. Consequently and with the advancement in threat actors’ capabili ties, the security landscape is getting even more complex. Maneuvering these complexities, setting the right priorities, and being able to demonstrate to top management that the organization is doing enough continue to be a challenge for security leaders.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

l Excellent communication with the ability to articulate concepts to technical and non-technical audiences at various hierarchical levels, ranging from board to IT specialists.

l A master of stakeholder management with exceptional interpersonal and collaborative skills. In particular, having persuasive skills and the ability to influ ence decisions even in situations where no formal reporting structures exist.

l Having top-notch technical know-how and keeping abreast with technology trends and advancements including security and other technologies.

l A dynamic lifelong learner who is willing to unlearn and upskill to stay relevant.

How do you define digital transformation?

Digital transformation is the use of data

and digital technologies to re-invent how businesses operate and deliver value to their customers to stay relevant in a connected and digitally empowered economy. It’s a paradigm shift in the perception of technology vis-a-vis the old perception of using technology to digitize existing modes of conducting business. An example at Majid Al Futtaim is our SHARE Rewards Programme, which re-invented the loyalty program as a complete customer value and lifestyle offering platform that leverages digital technology, data, payment services, and a network of partnerships.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation entails collecting and processing more data, introducing innovative technologies which are often not in a mature state, and delivery at very high speeds. This sometimes leads to new and unexpected vulnerabilities. If done properly, the adoption of digital transfor mation can improve the overall security posture of organizations but if not, and the security functions are not aligned and fully integrated, it can lead to more blind spots and exposures.

How is digital transforma tion impacting the job role and department responsibilities?

The rapid advancements in new technology and the adoption of digital solutions have meant that the responsibilities of security departments have increased greatly in recent years. New threats are emerging every day and we need to always be one step ahead.

In general, looking at the present and future technol ogy landscape, what are the upside and downside of cyber security solutions?

There is a lot of convergence in the cyber tech nology market and increasingly we are seeing single vendors that can provide a wide spectrum of security solutions either through acquisitions or evolution into adjacencies. This is overall positive in terms of moving closer to a meaning ful single pane of glass for cyber situational awareness. However, many large organizations are not able to fully leverage this convergence due to the investments already made in their existing heterogeneous environments. Moving forward, solution providers should focus on transforming their systems to open platforms that can easily integrate with other technologies, including some of their competitors.

CISO PROFILE
C M Y CM MY CY CMY K 36 OCTOBER 2022

BLOCKCHAIN AND CYBER SECURITY: WHAT DOES THE FUTURE HOLD?

How do organisations get to apply Blockchain to secure assets? Does it have to be implemented in a big approach, baby steps, or follow a middle ground to allow organisa tions to adapt and understand the technology quickly?

Blockchain is a secure, immutable, decentralised ledger that can be used to keep track of assets. There are different types of blockchains for dif ferent use cases, so organisations must first analyse the problem they are trying to solve in order to be able to apply blockchain type accordingly.

Ultimately, however, the cryptographic properties of Blockchain ensure data security as it means the technology can securely store, track changes and manage assets.

In terms of implementation, a blockchain solution does not have to be executed in a big approach because immediate changes in the infra structure can pose significant risks to the organisation. For example, if an organisational wide implementation approach is adopted and the solution is not accepted or fails to achieve the expected outcome, that would represent a considerable waste of resources as the organisation would have to roll back all the services and transactions which were affected. This could result in business disruption and monetary loss. The recommended approach is to implement blockchain step by step and incrementally integrate it into existing infrastructure.

The decentralised nature of Blockchain makes it a peer-to-peer tech nology, and it requires specific expertise to fully understand and operate it. Because of this, it will be imperative for any organisation applying blockchain technology to give training to its employees.

SAMUEL UBIDO Cyber Security, Operational Technology Manager, Energy Industry

“If we look at the primary components of information security, which are called the Confidentiality, Integrity, and Availability or CIA triad, we see that blockchain technology aligns with these.”
38 OCTOBER 2022
CISO PROFILE

Glimpse of largest gathering of CIOs in UAE

CIO 200 Flickr

2022 ROADSHOW 15th SEP 2022 THE ADDRESS DUBAI MALL, SHEIKH MOHAMMED BIN RASHID BLVD – DOWNTOWN DUBAI FOLLOW US BROUGHT TO YOU BY

What is causing a delay in adopting Blockchain in the Energy sector? The old infrastructure, the way systems are designed, less expert resources, or broad resis tance due to lack of under standing of the technology?

In my opinion, there are multiple factors that are causing the delay in the take up of block chain technologies in the energy sector with one of the main being the lack of understanding of the technology as mentioned. Large-scale adoption in the energy sector will require highly skilled and qualified personnel. Because of the ever-evolving nature of technology, only a limited number of people currently have the skills to support it. As it is still in its infancy, the technology heavily depends on coding new algorithms, which is prone to errors. Though as the understanding of how to apply the technol ogy to large-scale applications grows and the technology develops, there is likely to be more rapid uptake in the Energy sector.

Secondly, blockchain systems demand higher

developmental costs, but, in many cases, they might not have competitive advantages against already existing infrastructure. For instance: Energy transactions are recorded in conven tional databases. These solutions are largely available, currently faster, and less costly to operate as compared to blockchain systems. In addition, old infrastructure is not compatible with blockchain infrastructure, and peer-topeer technology requires more resources, such as workstations and servers with higher specifi cations, which also makes it costlier.

Finally, in a distributed system architecture, it remains unclear who has the technical or legal responsibility in the case of any negative conse quences. Therefore, if there is an attack due to hardware or software bugs, there is no central authority to which consumers can address their complaints in the same way they can in current practice.

As a Cybersecurity Leader, where do you start to look for Blockchain to address typical challenges (is there

some prioritised list approach and steps to apply in such a situation?)

Based on my experience, there is a prioritised list approach to apply in mitigating cyber security risk, which includes analysing the threats faced by an organisation and applying a blockchain technology decision tree to:

1. Address the data integrity-related challenges

2. Address the trust and transparencyrelated challenges in sharing information

3. Address confidentiality-related issues using permissioned Blockchain

What are blockchain secu rity properties?

For me, there are some main security properties of Blockchain. The decentralised infrastructure, consensus mechanism, and cryptographic properties.

Blockchain's decentralised nature means that a single node failure will not affect the entire network, so the network's availability will not be compromised.

CISO PROFILE 40 OCTOBER 2022

The consensus mechanism refers to the pro cess of allowing a network of nodes to agree on action before it is carried out on the Blockchain. While in a centralised database, data can be corrupted or altered. This means that an admin in the system can easily amend or corrupt data. With Blockchain, however, data cannot be modified until a consensus is reached to verify transactions. In other words, users need to agree on an action or course of action before data can be amended. In this way, applying Blockchain to cybersecurity in areas such as decentralised voting, health, and scientific data collaboration, can ensure data integrity as the data is not easily altered or corruptible.

Blockchain cryptography refers to the nature of Blockchain to anonymise data to protect transaction information. Blockchain hashing can help authenticate software updates, which is a good cybersecurity practice due to the pro liferation of malicious updates that can allow hackers to access networks or devices.

As a Cyber Security leader, what will be your motivation for implementing a blockchain solution use cases in the energy industry?

At the Gulf Information Security Expo and Conference 2022 (GISEC), I explained the primary motivations, from my perspective, for implementing blockchain technology in security, which are transparency, reliability, and integrity. If we look at the primary components of information security, which are called the Confidentiality, Integrity, and Availability or CIA triad, we see that blockchain technology aligns with these.

If we look at the energy sector, IoT devices are being increasingly utilised to improve data analytics and process monitoring on sites. These devices come with security challenges, such as lack of encryption, incorrect access con trols, and insufficient privacy protections. As a result of these, they are prone to cyber-attacks. Blockchain can be used to create a secured network by assigning an individual blockchain ID to each IoT device. Due to the properties of Blockchain previously mentioned, namely its cryptographic properties and the decentral ised nature of the network, authentication can take place reliably without compromising data integrity.

There are various real-life examples of how cyber-attacks have disrupted the energy sectors in history. For example, On December 23, 2015, Ukraine's power grid was hacked, resulting in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. In this example, the utilisation of Blockchain could have reduced the impact of the attacks as Blockchain's decen tralised nature, which means that a single node failure will not affect the entire network, so the network's availability may not have been compromised.

How could Blockchain's advantage of anonymous ness strengthen collabora tion between nation-states and private enterprises to share detected attack vectors and early threats?

Blockchain is pseudo-anonymous in nature, which means that though the identity of the person making a transaction is not exposed, still all the transactions he is making can be linked to the same pseudonymous identity. This characteristic of blockchain technology can primarily help to strengthen collabora tion between nation-states and private enter prises to share detected attack vectors and early threats.

Private enterprises and nation-state mem bers can collaborate on a large scale to anony mously share detected attack vectors, early threats, corruption, or any law violation. At the same time, the authenticity of the infor mation can be improved by integrating multisignatures. Cryptographic methods can be applied to further authenticate the message sent by authorised entities and not tampered with by malicious attackers.

Additionally, due to this anonymity, private enterprises or any member will be free of fears or threats. This will improve the overall security and peace of nation-states and allow people of any sector to raise their voices in cases of wrongdoing. With this collaboration, the state can also prepare to handle situations more efficiently in time. Blockchain provides a shared tamper-proof single source of truth.

An incentive system can also be integrated into this collaboration, encouraging enter prises to fulfil their responsibility and col laboration with the state more effectively.

Conclusion

Blockchain offers excellent reliability, integ rity, and trust between the participants of any transactions and stakeholders of any appli cation area. The advantages of blockchain technology are undeniable. However, the introduction of Blockchain into any industry will require massive investment, so in order to avoid the loss of capital or considerable invest ments in the later stages, it is recommended that organisations implement blockchain technology step by step in their operational environment instead of a sudden 180-degree change in the process model. Additionally, the lack of expertise surrounding the technology means that the coding of new algorithms is prone to errors, however, as the development of new technologies progresses and uptake increases, the accuracy, and effectiveness of Blockchain will improve. In time, blockchain technology will be second to none for organ isations facing threats related to the integrity of data, reliability, trust, and transparency issues in their transactions. ë

CISO PROFILE
41OCTOBER 2022

ENTERPRISE SECURITY DASHBOARDS FOR CISO s

A strong differentiator for LinkShadow is its ability to merge all vendor driven security solutions onto a single dashboard providing an end-to-end management.

LinkShadow is a next generation cybersecurity analytics plat form designed to manage threats in real time with attacker behaviour analytics, to detect cyber and insider threats. It was founded in 2016 and is headquartered in the US.

As cyberattacks grow in volume and complexity, LinkShadow ana lytics powered by artificial intelligence is helping under-resourced security teams and network operations team stay ahead of adversaries.

Curating threat intelligence from different feeds, the LinkShadow platform uses advanced machine learning models for in-depth insights into the security infrastructure which helps to cut through the noise of daily alerts and reduce response times drastically

It is meant for organizations looking to enhance defences against advanced cyber-attacks, zero-day malware and ransomware, while gaining insights into the effectiveness of their existing security investments.

REGIONAL CHANNEL ACTIVITIES

Channel partners are a key part of a vendor’s go to market in any region. Fadi Sharaf El-Dean, Regional Sales Director, LinkShadow, points out that the vendor hires only the best calibre of partners whether as tech nical resources, professional services, consultants, system engineers. “We have an extensive channel network in the region, and appreciate direct engagement with them,” says Fadi.

At LinkShadow, the vendor has similar high standards of technol ogy proficiency for its employees. “We do have one mandatory rule,

they need to come from a strong technical background to be able to deliver the solutions demonstrations and go into technical discussions with the end user.”

That by itself has helped to give LinkShadow channel partners confi dence enough to take the vendor to their customers, feels Fadi.

LinkShadow channel partners are specialized in multiple areas. Fadi categorizes them as infrastructure and networking, managed security services, and security partners amongst others. There are also three partner levels, silver, gold, platinum.

Fadi also highlighted that engaging closely with channel partners and customers through round table discussions, face to face events and via digital platforms are part of their demand generations strategy.

LinkShadow encourages partners in providing the effective and suitable tools for attaining profitability and business growth. Further more, it offers an extensive platform for e-commerce to be self-reliant. LinkShadow benefits both the channel partners and their employeesindustry experts who are directly engaged on potential opportunities .

“We truly believe in the channel and partner value,” says Fadi.

PRODUCT DESCRIPTION

LinkShadow offers behavioural analytics and an extended threat hunting platform, covering network, assets, and users. LinkShadow is designed to hunt, detect, and stop internal and external threats. It could be both known or unknown, and this is done through its advanced machine learning algorithm.

COVER STORY
42 OCTOBER 2022
COVER STORY
FADI SHARAF EL-DEAN Regional Sales Director, LinkShadow
43OCTOBER 2022

The solution operates on-premises or in the cloud, as a virtual machine or an appliance hardware. Licensing can be one time, perpetual or sub scription based.

LinkShadow has three major modules and once onboarded a customer gets the three modules at no extra cost.

Behavioural analytics

The first module is the behavioural analytics module. With identity intelli gence and asset or discovery dashboards, the end user is empowered with end-to-end visibility on every asset in their environment. LinkShadow tracks unusual activities, monitors unusual traffic and suspicious connec tions. The solution can discover and categorize all the entities automati cally in the network. Risky insiders and users are visually highlighted with their analytics.

Applying a baseline to all users and entities and a risk score, they are positioned on a dashboard called the LinkShadow threat score quadrant. The SOC and remediation analysts take over to respond to these alerts based on their risk score and position in the threat quadrant.

Threat hunting

LinkShadow’s second module is the threat hunting module. It equips the end user with threat hunting capabilities, supported by an extensive machine learning algorithm running over an AI-powered engine.

This helps to detect the most sophisticated cyberattacks and visually maps them to the MITRE ATT&CK framework and cyber Kill Chain. LinkShadow analytics platform combats ransomware, security breaches, known or unknown attacks, advanced persistent attacks, amongst others. Moreover, the end users have end to end visibility and control over the machine learning algorithm and can build it further on their own.

CXO visibility and insights

LinkShadow’s third module is the insights module for CXO visibility. The purpose of this module is to give the C-level management, visibility into real-time compilation of the overall security status of the entire network and the capability to dive into details. They will get a performance-based analysis of all security investments to identify and monitor security met rics of importance to them and enhance their decision-making capabili ties. And all of this through a unified display.

This module provides a unique form of giving individual reports from each cyber security vendor in use across the organization.

LinkShadow provides an API plugin store for almost all cybersecurity vendors, free of charge. Each cybersecurity vendor serves a different integration purpose and different use case, empowering the LinkShadow appliance with its findings and even enforcing action to be taken through the vendor solutions.

“We have bidirectional integration with most trending SIEM tech nologies out there in the market,” says Fadi. This includes Splunk, QRadar, Micro Focus, LogRhythm, and others. “We complement the SIEM tech nology and make it work in a better way by eliminating false positives and noisy alerts.”

LinkShadow also integrates with network access control (NAC) solu tions including Forescout, Cisco, Fortinet and upon detection of a mali cious activity LinkShadow network detection response (NDR) responds through the third-party integration and supports with intelligent threat detection.

If the customer has a technology for which LinkShadow does not yet have an API in its plugin store, they can open a ticket and LinkShadow would communicate directly with that vendor.

“We initiate the process, trade VMs, licenses to do the integration, and create the use cases together. We validate the integration and this whole process takes two to three weeks between both teams,” explains Fadi.

“We have a competitive edge with these three modules as no vendor can fulfil all three, together. There are vendors who overlap but no headto-head competition,” says Fadi.

CISO PAIN POINTS

LinkShadow solves a lot of pain points for cybersecurity managers. One of them would be the noisy SIEM alerts. According to Frost & Sullivan, a fine-tuned SIEM would raise between 100-120 alerts a day inside a mature enterprise.

COVER STORY
LinkShadow plug-in store for integration.
44 OCTOBER 2022

“This is just simply too much for a SOC analyst to handle on a daily basis,” says Fadi. Security analysts can deploy the LinkShadow analytics platform to prioritize these alerts using the advanced machine learning algorithm. This is a far more efficient method than going through each of those alerts one by one.

In recent times, there has been a 600% increase in IoT related attacks and web threats such as malware, ransomware, even phishing attacks are dominating the threat landscape. The role of a CISO is to ensure that all aspects of the security strategy is controlled for a scalable and low-risk business operations. LinkShadow’s Management Dashboard which is completely configurable provides CISOs a holistic view of the security posture and enables prioritized decision-making.

“We address all of these CISO challenges through the three modules,”

indicates Fadi.

Using LinkShadow, with a single pane of glass, the CISO can view the security posture for the entire organization and compare it periodically, to enhance their decision-making capabilities. They can also identify the key security metrics of importance to the organization and present the key security matrix in a distinct manner.

Another dashboard that is of strategic importance to the CISO is the display of the BlockCount Ratio dashboard. This dashboard presents the blocking effectiveness of each security solution in protecting the enter prise versus the investment value.

“Wouldn’t you as a CISO like to know whether the technologies that you acquired are doing their job or not compared to the value they paid for? The answer would most definitely be yes, of course,” says Fadi.

COVER STORY
45OCTOBER 2022

REGIONAL INNOVATIONS

LinkShadow recently opened its second research development centre in Dubai and its UAE office, seating close to a hundred employees. The purpose is to support GCC customers in terms of customization and enhancement requests that are not limited due to constraints of the US time zone

However, LinkShadow is opening its regional headquarters and META operations hub in Riyadh. This is a reflection of its commitment to end customers, channel partners and its alignment with Saudi Ara bia’s Vision 2030.

In terms of event participation, LinkShadow participates in megaevents like the RSA Conference, GISEC, and GITEX. “Every year we like to come up with a ground-breaking feature and we call it a game changer or a wow factor that defines us from other competitors,” says Fadi.

Last year, LinkShadow announced and demonstrated their AI-pow ered engine feature that has empowered end users with the liberty to manage their end-to-end process from data collection to detection and then visualization. The end user can collect data from their environ ment, create their own machine learning algorithm model, and then visualize detections the way they want by using reports or widgets.

At GITEX 2022, the announcement is going to be all about the Metaverse and the attack surface. Lateral movement is a key part of the life cycle of an attack, where threat attackers move from one system to another probing for vulnerabilities and moving closer and closer to the crown jewels of an organization.

“This is simply called lateral movement, AKA the life cycle of an attack,” says Fadi.

LinkShadow will demonstrate the life cycle of an attack and the attack surface, tracked through its dashboard, and viewed through a Metaverse like environment.

LinkShadow’s Metaverse solution demonstrates through augmented reality graphics, entry points, gaps, vulnerabilities, how the attacker will be able to infiltrate into the organization, and exactly what else they

can do. All these movements are demonstrated on the LinkShadow dash board, through a reliably rich virtual space.

“During the demonstration you are wearing the LinkShadow branded VR headset, holding two controllers and you can see the attack surface entry points and points of breaches,” explains Fadi about the setup at GITEX 2022. “We going to bring to our customers and partners a valuable ‘first-hand’ experience of this new feature.”

This powerful representation using the Metaverse platform can also help bridge the gap between the CISO, the Board, and top execu tive CXOs. With such forward looking solutions both regional chan nel partners and enterprise end users can benefit through deep engagement with LinkShadow. ë

COVER STORY
LinkShadow Next-Gen Cybersecurity Analytics Platform Ecosystem Attack surface dashboard.
46 OCTOBER 2022

UAE

Brought to you by

cpcaworld.com #cpcaworld 09 DEC -

VOICE YOUR CONCERN FOR A ROBUST FUTURE

A great risk and cybersecurity threat may occur due to the communication gap between security or digital transformation consultants and managerial executives.

BYLINE EXPERT
ANDREW SCHUMER Director, Cyber and Digital Transformation, Grant Thornton
48 OCTOBER 2022

Please describe your job role?

As the Director of Cyber and Digital, I am primarily responsible for our client's digital and security journey and our team's contin ued dedication to excellence. I am bringing together the traditional exclusive silos of digital transformation and cybersecurity while ensur ing we are doing our best to provide technically sound and secure services to the rest of the firm.

What are the most impor tant and critical aspects of your job role?

Besides keeping current on technologies, trends, and breaches, it is pivotal to build awareness around inclusive, collaborative communication continuously. It doesn't matter how technically sound the security or digital transformation consultant is; if they cannot voice their concern, or describe the value they bring, then none of that expertise will land cor rectly, and in the case of cybersecurity, major incidents will occur.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

a. Identifying the cyber landscape to prepare CapEx and OpEx budgets around. It is vital that the Business or Enterprise is aware of its actual challenges and threat landscape, however, once this is done, navigating the overwhelming number of services, products and devices is extremely complex. Expensive isn’t always better, and cheap isn’t always the best option.

b. Building a core team to execute the vision and strategy is also complex, simply having the equipment and services, still requires operational management and implementa tion. Identifying skills that fit the culture, and the expectations and assistance the CISOs achieve their goals as a team is an extremely complex exercise, made even more under a budgetary constraints.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

Once the essential technical background has been reviewed, and by that it’s certainly not just the education but implementation and expertise as well, then it is almost imperative

that softer skills come into play. Communica tion, management, and leadership are keys to implementing and maintaining a clear security posture inside the enterprise and help align the risk with the business goals.

How do you define digital transformation?

Digital Transformation is the ability to enable businesses and organizations through the use of advanced technical capabilities via integra tion, adoption, and implementation. As a statement, this is quite a mouthful but it really covers the use cases for implementing massive ERP solutions all the way to a simple cloud backup solution.

According to you, how does digital transformation affect the security posture of any business?

It is a vital piece of the puzzle when it comes to security. Of course, it opens the business up to a larger threat landscape, however, it also offers fundamental opportunities to close gaps that would be there without it. Digital Transforma tion and Cybersecurity should be looked at from a single point, rather than the separate silos we see traditionally.

How is digital transforma tion impacting the job role and department responsibilities?

It is highlighting the need for integrating tech nologies into our everyday life. We no longer have to convince large-scale enterprises of the need of certifications and compliance. These are now taken for granted, however, there is a much heavier dependency on computer literacy throughout organizations as they are expected to interact with many more apps, services, and digital products.

Specifically, what are the challenges and opportuni ties created by digital trans formation including IoT, cloud, and mobility, for chief security officers?

Ensuring the upstream and downstream security and integrity of traffic in the network are a primary concern. Data integrity and protecting the IP of the enterprise is certainly up there as well. The issue with the technolo gies mentioned are that they are all unique in their setup and as such offer various challenges

in securing. The opportunities are that as technologies evolve and mature, we are seeing a much more defined need for mobility solutions using technologies such as IoT, and as such this improves security as well. Solutions such as MDM and soft client access are all ways in which these can be worked with.

In general, looking at the present and future technol ogy landscape, what are the upside and downside of cyber security solutions?

Cybersecurity solutions are extremely fragmented. Each solution provider covers some area very well and that slightly overlaps with the other solution provider who does it in a slightly different way and these solutions don’t provide that layered view on how useful they are from a bespoke perspective. So the spend and need are often obfuscated in supplemen tary budgets and get overlooked. The future is certainly becoming more connected and more interesting however we need to ensure that the decision-makers are educating these vendors on the Business Value of solutions, so this can be the driving factor.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

Very specifically there should be a a rational curated risk approach to their clients. This will allow a more transparent security overview and help CISOs with their need to integrate solutions into budget.

At present, what advice or feedback or recommenda tion would you give cyber security solution vendors, channel partners, and consultants?

There is a tendency to negate other solutions in the market and I think that comes from the traditional technical background. It is never possible, for example, to have new software developers on a project to agree on how older software developers on that same project approached the problem. We need to be more inclusive and understand the approach that we all take to rectify the problem. This means we will begin to share the intelligence with each other and work together to improve security as a domain . ë

BYLINE EXPERT 49OCTOBER 2022

SECURITY CHALLENGES IN A DIGITALLY TRANSFORMING WORLD

Please describe your job role?

I have and I suspect, a unique role in which I have the opportunity to be both internal and client-facing. I have some input into our internal cyber services and tools for the protection of our ecosystem, while at the same time engaging with CIOs and CISOs across the UAE and wider GCC to advise them on the challenges they face in ensuring that their digital transformation meets their needs and is secure.

What are the most impor tant and critical aspects of your job role?

Broad knowledge of current and potential future solutions from both technology and cyber perspectives – both are tied inextricably to each other - to advise and implement relevant outcomes for my team and clients.

What are the typical chal lenges faced by a chief security officer in large and medium enterprises?

The past few years have basically been chaos for both the CIO and CISO/CSO. The rush to move from on-premises to remote and to hybrid has resulted in a technology stack – IT and Cyber – that potentially isn’t performing as it should, is not used to its full functionality, or is redundant. The biggest challenge at the moment is rationalizing those stacks while keeping an eye on new products coming to the market to meet changes in regulations while providing a competitive advantage.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

Subject knowledge – broad not narrow; Com

munication at all levels; Thought leadership; Fearless advice to the executive of the current state of their environment, the threats to that environment, and the steps required to meet existing and new threats and regulatory requirements.

How do you define digital transformation?

I suspect that a different answer to this question would be provided by everyone who is asked this question. To me, it is the ability for an organization to adopt not only technology but also process and people to meet their identified transformation goal.

Digital transformation for one organization may mean something completely different to another entity – all based on their journey and where they are along that path.

According to you, how does digital transformation affect the security posture of any business?

Unfortunately, there have been too many examples of digital transformation planning being conducted in a silo or without detailed input from the security team. This has led to a disconnect within the entity and potential vulnerabilities to the organization’s ecosystem.

The changes in the way we work have meant that we have implemented new and great tools to facilitate this change, but it has also provided a greater attack surface for actors to exploit and compromise the organization’s ecosystem. Close and consistent engagement across all stakeholders within the organization is required to ensure security is implemented in conjunction with any transformation project.

CISO PROFILE
50 OCTOBER 2022

How is digital transformation impacting the job role and department responsibilities?

It requires that the roles and responsibilities of the team within the department need to expand not only in their capability but more importantly in their understanding of the business approach and technologies being implemented as part of the digital transforma tion process. I see teams moving to a more multi-disciplinary approach to deal with this change.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

I have been fortunate to have experienced these firsthand so have some feel about the impact that they are having on the CSO. Challenges are inherent in any role and the CSO is faced with these on a daily basis – it is their ability to understand these challenges and be able to deal with all stakeholders within the organization, but I see that ensuring that security is being considered within the transformation process as being the main challenge.

The opportunities are a mirror of the

stack is either not being used to its full potential, there are potential vulnerabilities as a result of this rapid development and production, and/or organizations have applications that they don’t really need any more as their environment has evolved.

b. On the upside, the previous point allows the CSO to rationalize their tech stacks, conduct assessments on their functionality and use, conduct a digital risk quantification exercise that includes looking at current and future requirements to meet the evolving threat and regulatory requirements. This is to understand how they can either adjust their current ecosystem to meet these requirements and/or adopt emerging technology to meet emerging threats. So the upside is that the CSO has the opportunity to put the department at the forefront of the mind of the C suite and board through these exercises and provide them with the confidence that their ecosystem is as protected as it could and should be. Moreover, the security department has close links to the digital transformation team to ensure security is being implemented in all new initiatives.

challenges and they allow the CSO to provide the organization with tools, business cases, and quantitative analysis of any transformation – if the CSO can save money, keep the ecosystem secure while at the same time building his own tech stack – then that’s a win-win for everyone. In the Middle East, we see the move to the cloud as a priority and the arrival of the major CSPs has meant that this needs to be a focus of all organizations, which has in reality been pushed forward by the pandemic.

In general, looking at the present and future technol ogy landscape, what are the upside and downside of cyber security solutions?

I always like to finish on a positive note so I will address the downside first. a. The past couple of years has meant, in most cases, an increase in tech stacks across the board – IT and Cyber. This has meant that these stacks may have been implemented with a lower level of security diligence than would potentially have been the case that we should had not been in an environment which changed so rapidly from on-premises to remote working. Organizations have also implemented applications that they themselves were being developed at a rapid rate. So there is the potential that this new or enhanced tech

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

CSOs are looking for assistance in reviewing and rationalizing their networks as well as being informed as to what is coming in the future. Not only what tech and threats are on the horizon but also what potential regulation may affect their operations – data privacy comes to mind here. There is also a push into AI and the metaverse through Web 3.0 which in itself represents challenges for the security team as they move to understand what the challenges are when combining many aspects of e-commerce, content creation and accessibility by consumers. So realistic and knowledgeable advice on these areas are also becoming a focal point for CSO and vendors, partners and consultants need to be across these issues.

At present, what advice or feedback or recommenda tion would you give cyber security solution vendors, channel partners, and consultants?

Be prepared, know the CSO’s environment so they can go from the general to the specific. Be transparent on what you can and can’t deliver. ë

“The opportunities are a mirror of the challenges and they allow the CSO to provide the organization with tools, business cases, and quantitative analysis of any transformation”
CISO PROFILE
51OCTOBER 2022
40 COUNTRIES 4000 C-LEVEL EXECS 300+ SESSIONS 200+ EXHIBITORS 2022 ROADSHOW AUGUST-NOVEMBER 2022 POWERED BY GRAND FINALE 23rd NOV 2022 THAILAND WHERE TECHNOLOGY IS BORDERLESS, AMBITIONS ARE FEARLESS, AND LEADERSHIP IS LIMITLESS