*This will be the first in a series of cybersecurity CISO level discussions
Matthew Rosenquist is Chief Information Security Officer at Eclipz.io. He is a trusted advisor, expert, and evangelist for academia, businesses, and governments around the world, sharing his insights and best practices on several cybersecurity topics.
Matthew and Julian emphasized the importance of providing valuable insights to the audience and building a cybersecurity defense ecosystem to support the community. The conversation covered the evolving landscape of cyber threats, particularly the involvement of nation states in orchestrating cyber attacks, and the impact of AI on cybersecurity, highlighting its dual potential as a powerful tool for both attackers and defenders. They also explored the multifaceted challenges faced by Chief Information Security Officers (CISOs), including the difficulties of communicating security needs to the C-suite and the board, and the struggle to prioritize security within limited resources.
The speakers drew parallels between technological innovation and risk management, stressing the importance of embracing innovation while acknowledging and preparing for potential pitfalls, particularly in the realm of cybersecurity and AI regulation. They also discussed the evolving role of CISOs in the cybersecurity industry, emphasizing the broadening scope of responsibilities beyond regulatory compliance and infrastructure protection. The conversation underscored the critical need for CISOs to articulate the value of security in business terms and the importance of understanding and accepting that they do not have the final say in decision-making.
The discussion also covered acceptable risk levels in travel, drawing parallels between air travel and driving to illustrate how individuals perceive and manage risks in their daily lives. The speakers emphasized the complex interplay between risk acceptance, mitigation, and individual perceptions of safety in different modes of travel. They also explored the cybersecurity challenges faced by companies, cautioning against overcomplicating security measures and highlighting the need for informed leadership in understanding and communicating risks effectively. The conversation underscored the importance of balancing costs, acceptable risk levels, and friction when implementing cybersecurity measures, and the potential need for a combination of tools, processes, policies, and behavioral controls to achieve optimal security.
Finally, Julian and Matthew emphasized the increasing importance of cybersecurity for businesses and the imperative to build a community to address cyber threats. They discussed the impact of cybersecurity on consumer purchase criteria and the potential loss of deals for companies that do not showcase a secure environment. The conversation also revolved around the significance of better communication and action in the cybersecurity space to reduce the impact of cybercrime.