Day 2 at the Gartner Security and Risk Management Summit started with hot and humid weather. Summer is clearly in full swing in Washington DC. As with yesterday, the summit is a large event with many analyst presentations taking place simultaneously. I wanted to share a quick report of things from yesterday that could be useful to CIOs, CISOs, and other IT leaders. As with my previous report, I will do this in the form of a top 9 list. So, without further ado, let me share the highlights from day 2:
Gartner analyst Leigh McMullen said that we are moving to what he calls an “A type CIO.” I would like to think that the A stands for adaptive. In differentiating A type CIOs, Leigh says they are growth focused rather than cost reduction focused. In talking with members of #CIOChat previously on this topic, Pascal Viginier, the CIO of Orange, reflected the opinion of others when he said that “business value is much better than a cost centric approach in building a business case.”
McMullen also said that CIOs need to move from a focus on datacenters and operations to a focus on design. This is an interesting way of putting things. From here, he spent some time talking about “customer experience” and the impact that technology change has on it. He asked, “What happens to customer experience when my primary interface becomes an AI assist device?”
Gartner analyst Ant Allan said that “trust takes years to build, seconds to break, and forever to repair.” This was in a talk regarding “digital trust” and how it impacts things like customer experience.
Earl Perkins from Gartner said that digital businesses require trust and resilience to survive. I know that Ann Cavoukian and Michelle Dennedy would agree. This clearly means that trust needs to be built at the same time as you implement a single view of a customer using big data.
Perkins also suggested that a better name for IoT is “Pervasive Digital Things.” We are still talking about things, but pervasive and systems of systems works for me.
Chris Wlaschin, CISO of U.S. Department of Health and Human Services, said that CISOs need to work on their communication skills. He said next time you think of writing an email filled with technical terms, you should go and have a face to face meeting and speak in business terms—risk—instead of technical terms.
Bob Jamieson, CISO of Mallinckrodt Pharmaceuticals, said instead of showing incident counts and other scary things to the CEO and board, CISOs should show how they are improving what he calls the security risk maturity curve.
Lanita Collette, CISO of the University of Arizona, says CISOs should show how they are maturing their organization’s risk practice so that it is proactive versus reactive. “I want to show that I am making the University of Arizona a secure place for faculty research.”
Robert Daugherty, CISO of Cobham Advanced Electronic Solutions, said that as a defense subcontractor they need to ensure that their security is DFARS compliant. He also said, interestingly, that they have gone from avoiding cloud to a cloud-first strategy.
Another interesting set of thoughts for IT leaders: CISOs clearly need to become more business-like. In the #CIOChat on Twitter, the IT leaders there have said that CISOs need to become more like CIOs and more like business communicators. The above CISO talks from yesterday clearly confirm this.