MAGAZINE
TOP CYBER NEWS
About people, by people, for people
OCTOBER 2022
Exclusive article by
CIO & CISO at Plaza Dynamics
Foreword
Top Cyber News MAGAZINE - October 2022 - All Rights Reserved
The Chief Information Security Officer (CISO) acts as a Digital Sentinel with their resources poised to
prevent cyber-attacks and lead the remediation activities post attack. The CISO is quickly becoming one
of the most valued positions to an organization regardless of their size due to the heavy IT and Cyber
responsibilities they carry. Threats are no longer external to the organization and the insider threat
must now become part of the risk assessment process when CISOs are assessing risks to
infrastructure and data.
The Digital Sentinel is responsible for selecting their weapons; like any good warrior, they have assessed
the threat landscape and selected tools which meet the organization’s needs while accounting for
advances in technology, affordability, and potential shifts in business operations. Adversarial tactics
have largely remained the same targeting popular applications like Office 365 or complacent users who
inadvertently click links inviting the adversary deep into the layers of the domain. For the Digital
Sentinel it’s a game of tactics and techniques and cyber threat intelligence plays a role in how limited
resources are allocated towards known vulnerabilities and how they and their incident response team
will react to exploitation of the unknown vulnerabilities lurking deep within their domain.
While protecting the IT Infrastructure the Digital Sentinel must work to foster good cyber hygiene
within an organization and build collaborative relationships amongst various functions within the
organization to develop effective policy and cyber culture. This can be a challenge at times and it’s
important to remember people skills are needed to complement a highly technical skillset. The “people
factor” is an important component when the CISO is building a cyber culture within the organization,
and they face the daunting challenge of balancing the needs and wants within an organization and the
risks associated with both. It’s important for CISOs to have a strong relationship with the C-Suite and
not just at budget request time; they need to provide situational awareness for risks that could impact
the business operations and advise on realistic and affordable mitigations.
Digital wars are silently fought like a patient game of chess, each piece has a role on the board and
movements on that board are controlled by the role. The CISO role acts as a Digital Sentinel protecting
and pivoting across the board as they attempt to defend the cyber domain against attacks and insider
threats. Each side collects one another’s pieces through unauthorized exfiltration of data or breach of
the domain, the game is endless, and it doesn’t rely on a game clock, or the number of pieces
collected by an opponent. Multiple games are at play and the Digital Sentinel is quietly watching and
protecting their domain.
The Digital Sentinel – The CISO - Angelique "Q" Napoleon for Top Cyber News MAGAZINE
Matthew Rosenquist, Eclipz, USA
Matthew Rosenquist is the Chief Information Security Officer (CISO) for Eclipz, the former Cybersecurity
Strategist for Intel Corp, and benefits from over 30+ diverse years in the fields of cyber, physical, and
information security. Matthew is very active in the industry and advises fellow CISOs, boards, academia,
governments, and businesses around the globe on emerging threats, innovation, and industry best practices.
Matthew specializes in understanding the fundamental factors that drive and shift the industry. He has been
providing cybersecurity predictions for decades and his insights have been published in reports and various
industry periodicals. As a veteran cybersecurity strategist, he identifies risks and opportunities to help
organizations balance threats, costs, and usability factors to achieve an optimal level of security.
He develops effective security strategies, measures value, develops techniques for cost-effective capabilities,
and establishes organizations that deliver the right levels of cybersecurity, privacy, governance, ethics, and
safety. Matthew is a member of multiple advisory boards, an experienced keynote speaker, publishes
acclaimed articles, white papers, blogs, videos, and podcasts on a wide range of cybersecurity topics, and
collaborates with partners to tackle pressing industry problems.
Matthew has won numerous awards and recognition, including: LinkedIn Top 10 Technology Voice,
Thinkers360 Top 10 Cybersecurity and Privacy Thought-Leader, Engatica Top 50 Cybersecurity Influencers,
and leadership awards from HMG Strategy and Global Leaders Today.
by Matthew Rosenquist
The Next Great Challenge for CISOs
CISOs are facing a new challenge to their success - showcasing the meaningful value of cybersecurity
over time. This is largely unfamiliar and traditionally difficult for leaders. As threats and operational
complexities continue to increase, security has adapted by requesting ever larger budgets to scale with
the new threats. Annual increases of 9% to 20% aren’t unusual, with some regions seeing a 60% jump
in security budgets. This is not sustainable for groups that are positioned as cost centers and not
bringing in revenue to offset their budget. There is no doubt that cybersecurity is appreciated and
necessary, but the question is how valuable, how much protection is needed, and are the resources
managed properly? Organizations cannot blindly pour assets into a cybersecurity void every year.
Executives want to control spending and see a return on their investment. CISOs must rise to the
challenge by maximizing their contributions to corporate goals, working effectively to reduce the risks
of loss, and deftly communicating the value proposition across the organization.
Strategically, there are three areas that CISOs can focus on:
First, build a well-operating cybersecurity capability that purposefully aligns with the corporate
business objectives. Effectively and efficiently protecting against risks is the core function of
cybersecurity.
Second, compare the security and value against peer organizations. This benchmark is very valuable
for senior executives to understand if they are spending equitably on security.
Third, explore opportunities to contribute to the bottom line regarding revenue, market share, brand,
and average selling price. Many companies leverage security, privacy, and safety features as non-
traditional competitive advantages. Apple’s recent marketing campaigns focus on privacy for their
customers’ data, not performance. This has worked well and shows that taking advantage of
cybersecurity can directly benefit the marketplace. CISOs must evaluate the business opportunities and
partner with product teams, operations, and marketing. Security teams that deliver a competitive
advantage have tremendously more prestige when communicating their sustaining value!
CISOs must face the elevated expectations that accompany cybersecurity costs. The value must be
embraced by senior leadership to maintain the necessary support to remain effective. CISOs need to
maximize and showcase their contributions to the business, which requires new skills and approaches.
Those who fail will suffer from growing doubt, more scrutiny, waning support, and fewer resources to
achieve success against ever greater expectations. The best leaders will take advantage of
opportunities and prove the value of their cybersecurity program.
Talent Spotlight: Cyber Security
Matthew Rosenquist
Chief Information Security Officer for Eclipz
This interview is conducted by Yehudah Sunshine, Director of Marketing at Cyfluencer
Matthew Rosenquist is the Chief Information
Security Officer (CISO) for Eclipz, but this is just one
of the countless responsibilities he holds. From
CISO and globally sought-after speaker to advocate
and industry expert, Rosenquist has seen the
industry grow and cyber risk evolve from passing
thought to driving the conversation. With over 30
years of experience defining the cyber strategy and
outlook of many of the leading players in technology
and software development, Matthew has witnessed
firsthand the evolution of responsibilities and cyber
knowhow of security professionals, from the humble
beginnings of investigating financial crimes to the
CISO and everywhere in between.
[Yehudah Sunshine] Tell us a bit about your initial
motivation to get into cybersecurity.
[Matthew Rosenquist] I think I was initially driven by
the combination of technology and the challenge of
dealing with intelligent, crafty, and motivated
adversaries. I started in security working with a
world-class team that focused on detecting,
investigating, and prosecuting criminals committing
theft, fraud, and embezzlement.
I took a particular interest in detecting charge fraud
and arresting the criminals. I realized the technology
is just the playing field that the threats operated in
and the real challenge was in dealing with the skills,
creativity, boldness, motivation, and persistence of
the attackers. Defenders are directly pitted against
those seeking to undermine security and victimize
others.
I was hooked. Cybersecurity was a
natural fit as it combined my passion for
technology and adversarial interdiction –
all for a noble cause of defending against
undesired impacts.
[Yehudah Sunshine] What significant
experiences shaped your approach to cyber
risk management at this stage?
[Matthew Rosenquist] Practical experience
always guides your understanding, and for me
this was really the case. From dealing with
technology, behavioral, processes, and business
challenges as well as building teams, tackling crises,
and working with various organizations across the
cybersecurity industry I was able to form ideal
approaches. As a result I thrive on situations where I
have been able to anticipate what the attackers will
do and establish best-practices in pursuit of
managing risk to an optimal level.
[Matthew Rosenquist] Building Intel’s first SOC,
leading the first cybersecurity crisis response team,
figuring out how to manage M&A risks, and leading
entire security organizations with an eye to find the
right balance of risk, costs, and friction to the
business.
[Yehudah Sunshine] Today you shuffle many hats,
from executive and CISO to cybersecurity thought
leader and sought out speaker. How do you blend
these diverse expectations while still having a clear
vision of improving cybersecurity?
[Matthew Rosenquist] For me, my professional
journey is driven by a single objective: to make
digital technology trustworthy. That means it must
be secure, private, and safe – which are the
hallmarks of cybersecurity. I seek opportunities to
understand and predict our adversaries, support
cybersecurity innovation, drive equality and equity
for the workforce.
[Yehudah Sunshine] Who were the most impactful
individuals in your journey, that both influenced
your trajectory and imparted critical life lessons in
and beyond infosec?
[Matthew Rosenquist] I have always been sparked
by people with passion, innovative ideas, skills to
organize, communicate, and inspire! Great people
can be found in every profession, at every level. I
have had great bosses, mentors, and brilliant
industry colleagues. But I have found impactful
people at all levels in almost every engagement. The
constant chaos and ambiguity of cybersecurity
requires professionals to continually learn and
adapt.
I purposefully look for these people to improve my
own capabilities. This is why communicating and
collaborating is so crucial. We all can influence and
inspire each other to rise to the challenges.
For me, one of my greatest inspirations was Sun
Tzu, who advocated knowing the enemy as well as
yourself. This concept became pivotal in my journey
in cybersecurity, where people often believe
problems are only of a technical nature.
[Yehudah Sunshine] What have been some of the
turning points in your career that changed how you
view the nexus of technology and cyber risk?
Interview with Matthew Rosenquist, by Yehudah Sunshine
Secondly, it is a practical matter. Cybersecurity
teams that lack diversity of ideas and perspectives
are at a distinct disadvantage to their adversaries
who do bring diversity to the fight.
If we want to keep pace with attacker innovation, we
must also proactively embrace inclusion for women
and underrepresented minorities. They possess
different experiences and viewpoints, bringing
creative perspectives to increase the level of
capabilities for cybersecurity teams.
[Yehudah Sunshine] What do you see as the prime
focus of your cybersecurity evangelism?
[Matthew Rosenquist] To encourage the community
to communicate and collaborate in ways that
improve everyone’s ability to manage cyber risks.
Cybersecurity is a team sport; we must win by
working together. It is the only way we have a
chance to maintain parity with the rapidly evolving
cyber threats.
[Yehudah Sunshine] What strategic and practical
advice can you give for individuals seeking to
eventually become a CISO or industry leading cyber
thought leader?
[Matthew Rosenquist] There are many different
roles in cybersecurity and many don’t require
technical skills. Find your interest, whether it is
technical, behavioral, legal, leadership, organization,
or something else and identify the roles you are
interested in. The cyber industry can be grueling for
those who aren’t doing what they love, so choose
carefully.
Then find out what education, skills or certifications
are beneficial. Plan your path accordingly.
In almost all cases, practical experience is
supremely valued so take extra care to enrich
yourself with real-world acumen.
[Matthew Rosenquist] I make it my mission to
advocate for digital ethics to strengthen the
foundations of technology, communicate best
practices, inspire audiences to see the value of
cybersecurity, as well as collaborate with the best
minds to solve the most pressing problems, and
dispel misinformation that can weaken the industry.
We all have a role and can actively contribute with
focus and passion!
[Yehudah Sunshine] What sparked your commitment
to improving the opportunities for women and
minorities in cyber?
[Matthew Rosenquist] First and foremost, equality
and equity among people is simply the right thing to
do. You can’t have basic human rights if people are
not included or afforded fair opportunities.
[Yehudah Sunshine] What emerging technologies or
threat vectors will make the biggest waves in 2023?
[Matthew Rosenquist] AI, Quantum Computing,
Blockchain, and space-based communications will
all play important roles in 2023 and beyond. These
are powerful technologies that can be used for the
good of society or wielded in malicious ways by
those seeking to leverage their capabilities.
This is why cybersecurity will play a key role to
make sure powerful innovative technology is secure,
private, and safe. We all want to embrace the
wonderful benefits of new products and services,
and not suffer the potential impacts from misuse.
Cybersecurity will be the force that influences better
designs, development, operations, assurances for
proper use and protections when those fail.
“It is a tremendous challenge and requires
brave, skilled, and adaptive people to take on
the challenge and work together to deliver
sustainable optimal security.”
Lastly, find thought-leaders who are in those roles
and connect with them on professional social
networks like LinkedIn. Follow them. Watch what
situations they find worthy of weighing in on.
Understand how they see, describe, and approach
problems or issues.
Simultaneously, build your own brand by
contributing to discussions with ideas, concerns,
perspectives, and questions. This reputation will be
a great resource when applying for jobs or reaching
out to peers for collaboration.
[Yehudah Sunshine] In the coming year, what will be
the most significant cyber threats on the rise?
[Matthew Rosenquist] The world is in the midst of a
war between powerful digital countries, who
possess tremendous nation-state capabilities to do
harm. The most significant threats to our global
digital ecosystem are from offensive actions directed
from aggressive nations that seek to exert political
agendas, accumulate power, or seize economic
advantages to the detriment of others.
Critical infrastructure such as government services,
defense, energy sector, transportation systems,
shipping logistics, communications, healthcare,
finance, and media will be targeted with disruptive
attacks and digital extortion like ransomware.
Conflict on the international stage now includes
cyberwarfare. There is no putting that powerful
genie back in the bottle.
The second threat will be from within. The costs of
cybersecurity continue to skyrocket and it will be
necessary to adapt programs to maximize returns,
be efficient, effective, and showcase the value of
security programs, to justify the spending. This will
be a significant challenge for teams who are more
focused on preventing and responding to attacks.
Business case justification and communication to
executive levels requires a whole new set of skills,
tools, and perspectives. Yet, securing operational
funding is necessary for survival and longevity.
by Yehudah Sunshine
The Shifting Roles of Today’s CISO
Over the past year, I have been privileged to
speak with hundreds of security
professionals, and dozens of battle-tested
CISOs. These conversations frequently
focused on understanding what separates
an adequate cyber leader from those
forward-thinking visionaries redefining
security awareness, management, and
mitigation worldwide. In the process, I
couldn't help being overwhelmed by the
constant mentions of four keywords:
• Accountability
• Accessibility
• Communication
• Integration
Regardless of sector or funding, public
profile, or company size, organizations
everywhere expect their top security leaders
to be the one-stop shop for improving risk
outlook all the while holistically changing
the security culture from the top down. With
the rapidly evolving roles and
responsibilities of today’s CISO, the
personality and core ethos of these leaders
demand:
Accountability
CISOs are more than just punching bags to
blame for massive data breaches. Effective
CISOs must take full responsibility for data
security, and cyber awareness implantation
while providing the resources to empower
the workforce to mitigate cyber threats.
Accessibility
A CISO cannot be an anonymous figure in
the shadows. Today’s CISO must be
available for the varying needs of every
dept. Rather than siloing themselves off in
an ivory tower, security leaders must make
every effort to connect with vital individuals
across the company. By providing actionable
advice and implementing clear channels to
relay potential risks CISOs become a carrot
vs a stick.
Communication
A CISO can only make an impact when their
terminology and approach are contextual to
whom they are speaking. Today’s ideal
CISO is one part security wizard, two parts
wordsmith. Blending technical expertise
with the language everyone can relate to is
key to making cyber risk real.
Integration
No one wants to search the yellow pages
when their house is on fire, and the same is
true for cybersecurity. To enhance cyber
awareness and skills building, security
professionals must be ingrained in non-
technical teams. By breaking down
obstacles to communication and more
importantly forming genuine relationships,
CISOs can bring cyber preparedness into
terms their teams can approach.
There will never be one clear definition of
how the role of the CISO has changed in the
past 30 years. However, after countless
conversations and many long nights diving
deep into how today’s CISOs take on
complex security challenges one thing is
clear.
By blending Accountability, Accessibility,
Communication, & Integration CISOs can
better influence their organization's long-
term cyber risk strategy and prevent data
loss.
Yehudah Sunshine, Cyfluencer, Israel
Bringing together his diverse professional cyber know-how, intellectual fascination with history and
culture, and eclectic academic background focusing on diplomacy and the cultures of Central Asia,
Yehudah Sunshine keenly blends his deep understanding of the global tech ecosystem with a
nuanced worldview of the underlying socio-economic and political forces which drive policy and
impact innovation in the cyber sectors. Yehudah's current work focuses on how to create and
enhance marketing strategies and cyber driven thought leadership for Cyfluencer
(www.Cyfluencer.com), the cyber influencer thought leadership platform. Sunshine has written and
researched extensively within cybersecurity, the service sectors, international criminal
accountability, Israel's economy, innovation and technology, as well as Chinese economic policy.
by Gary HAYSLIP
Storytelling: A CISO’s Formula for Success
Today’s CISO is caught in a landslide of change as businesses undergo extreme transformation.
Their role requires evangelizing the strategy of their security programs, their program’s
management of systemic risk, and finally, its perceived value to company employees and leadership
stakeholders. To be effective in this challenging process, I find an excellent tool to use is
storytelling. This skill allows CISOs to express ideas and bring the audiences on a journey to
experience their point of view. In storytelling, I use a formula to describe current business
problems and the value added when these issues are addressed. I view the core components of my
storytelling formula as:
Context + Value = Informed Decision Making
Context: Provide insight to help the audience see the CISO’s point of view. For example, the
company should be ISO 27001 certified. In describing the need for this initiative, the CISO may
relate how, as parents, we pick a doctor for our children based on certifications, education, and
experience we feel demonstrates competence. This process also emulates how customers review
companies and their certifications, like ISO 27001, to demonstrate they meet industry best
practices for cyber resiliency and risk management. Helping the audience see the security need
through a personal lens builds a bridge between the CISO and the audience.
Value: After the audience has gained an understanding of the requested initiative, it’s time to answer
the question, "What's in it for me?" It is in this part of storytelling that the organization’s current state
is described, and the CISO outlines the resources required, possible impacts on operations, and, finally,
end results that provide value to the company.
Informed decision-making: This is the outcome of a good story. The CISO, peers, and executive
leadership make decisions using not only numbers and statistics but also a contextual understanding of
the importance the initiatives provide to the business.
The use of engaging stories to drive action and possibly shape the culture of an organization are key
reasons why I believe communication skills need to be continually developed and used by security
executives. These skills give the CISO the chance to step out from behind the wall of their security
program and be visible, to be seen as human and someone to trust. Through this trust, the CISO can
mature the security program and meet their company’s needs.
With over 20 years of IT, cybersecurity and risk management experience, Gary Hayslip has established a
reputation as a highly skilled communicator, author, and keynote speaker. Currently, as Global Chief Information
Security Officer, he advises Softbank Investment Advisers (SBIA) – The Vision Fund, executive leadership on
protecting critical information resources and overseeing enterprise cybersecurity strategy. As the senior security
executive for SBIA, Hayslip’s mission includes creating partnerships and a “risk aware” culture that places a high
value on securing critical information entrusted to SBIA.
Hayslip, a proven cybersecurity professional, recently co-authored the CISO Desk Reference Guide series: A
Practical Guide for CISOs – Volumes 1 & 2, Executive Primer – The Executives Guide to Security Programs,
Develop Your Own Cybersecurity Career Path, and The Essential Guide to Cybersecurity for SMBs. His previous
executive roles include multiple CISO, CIO, Deputy Director of IT, and Chief Privacy Officer roles for the US Navy
(active duty), the US Navy (Federal Government employee), the City of San Diego, California, and Webroot
Software. Hayslip currently holds several professional certifications including CISSP, CISA, and CRISC, and has a
Bachelor of Science in Information Systems Management from University of Maryland & Master’s in Business
Administration from San Diego State University.
Gary Hayslip,
SoftBank Investment Advisers, USA
by Michel CAZENAVE
Are We Appropriately Skilled To Be Top Class CISOs?
Cybersecurity strategy begins with the CISO
While systems become more complex, hybrid,
interconnected, nowadays CTI information shows
that “cyberattacks have shifted from disrupting to
75% attempts to take control of target” (source
Cyber Intelligence X sectors Alliance) and get a
remote access, encrypt and/or steal data, setting
backdoors and spying activity associated with
criminal revenues either directly claimed from
victims or by selling knowledge, data,
vulnerabilities and tools on the dark web.
This evolution should lead every CISO, with the
unconditional support of their company boards of
directors who are perfectly aware of the risk
even if they still wish to understand how to help,
to rush a 360° hardening and best practices
review of their processes, assets and systems in
order to become a too costly target to pawn,
compromise or ransom, associated to an overall
preparation of their incident response plans,
proactive training and monitoring strategy to be
able to react appropriately in case of incident.
“The increasing sophistication of cyber
criminals coupled with
the rapid shift to digital technologies has
emphasized cybersecurity’s importance. Those
factors will have a
knock-on effect on CISO role and impact as well
as the C-level view and understanding on
cybersecurity”
While C-level consider now cyber security as a
strategic priority, the CISO needs to evolve
leadership to match this new interest within an
organization. It means to switch and ascend to a
C-level forward thinking attitude to lead and
orient strategy, investment and projects with a
clear, didactic prioritized and argumentative
discourse on business challenges and threats
and potential impacts.
While this internal shift is important, CISO can
also focus on creating or joining external circles
of trust to collaborate with peers. It creates value
by breaking CISO isolation, leveraging knowledge
and threat awareness and sharing or
benchmarking information, advice, tools,
methodologies and procedures in similar context.
It is already a trend with ISACs or similar
organizations (and even used by cybercriminals).
Collaboration is probably the next additional
must-have to leverage CISO's existing weapons
and means.
All other aspects of cybersecurity strategy shall
focus on helping IT to deliver business aligned,
secured, and resilient services which is quite
business as usual for a CISO and combine well
known recipes (understand the business, hire
experts, use best practices, deploy security
tools, use external cybersecurity services and
consulting, be certified, analyse risks, define
controls, patch, audit…) to definitely become a
too hard target to hit.
Are we appropriately skilled
to be top class CISOs?
“What the ancients called a clever
fighter is one who not only wins, but
excels in winning with ease.”
~ The Art of War by Sun Tzu
The cyber threat is no longer an illusion nor
discussed as a hypothesis but as a certainty. The
disaster is imposed on us every day, with
shocking publications: "data breach", "spear
phishing", "ransomware" and soothing crisis
declarations: "we are in control of the situation
and are investigating", "we have called in the
best experts", "the impact measurement shows
that the sinews of the company's war are not
affected", "no data has been affected".
The CISO is, within his or her company or
organization, THE point of reference for
cybersecurity. Charged with defining the right
strategies, implementing the right tactics and
directing operations to protect the company
or entity from cyber threats, the CISO has an
enormous responsibility that is extremely
difficult to assume in order to effectively
defend a perimeter that is by definition
porous, shifting and variable in geometry.
Most employ several means to achieve this:
recruiting experts (difficult), implementing
best practices (demanding), deploying
cybersecurity tools (expensive), setting up an
SOC or CERT (complex), using service
providers or consultants (helpful), obtaining
certifications (not sufficient), networking with
peers (useful) and share information,
successes and failures with trust circles
(ISACs).
None of these are bad and a CISO who
succeeds in getting his entity to run plans
that include a complete and consistent set of
these means is probably a fairly good CISO.
It might require being a good performer in
many domains including technical,
organizational, logistical and administrative.
We all have studied and been trained in those
domains. If that is not the case, this might be an
improvement point for all of us and a starting
point for people who wish to become CISOs.
The funny thing is: how does one define this
"complete and consistent set"?
Successful CISOs adopt all or part of the
following or similar steps:
▪ understand how they are a target, what is
the threat and how it could turn bad for
their company
▪ align cybersecurity strategy first with non-
IT priorities (business, compliance, legal,
risk...) and then with IT priorities
CISO and CSO for PwC France, Monaco & Maghreb, President at CIX-A / Cyber Intelligence X sectors Alliance,
Michel Cazenave, is passionate about cybersecurity. Pragmatic and exploring new avenues, Michel leads his
teams to protect people, property and business in line with PwC's goal: building trust in society and solving
important problems.
He has been involved for over 25 years in cyber security, security and crisis management in demanding and
complex environments such as the Ministry of the Armed Forces and the Ministry of Foreign and European
Affairs.
He represented France at the Council of the European Union in the CCIS preparatory body from 2008 to 2017 and
was a laureate of the 01 Business & Technologies 2012 CISO Special Jury Prize in 2012.
A member of CESIN (www.cesin.fr) since its creation, he has also served since December 2019 as President of the
CIX-A / Cyber Intelligence X sectors Alliance (www.cix-a.net), an ISAC which aims to organize sharing and
operational, tactical and strategic collaboration between CISOs and their teams to improve the cybersecurity
ecosystem and help members and their supply chain to defend themselves collectively.
Michel CAZENAVE, France
by Isabel María GÓMEZ
From Delphi
to Cybersecurity Facilitator
The user education model has been in force for more than 30 years but doesn’t seem to give the
expected results. The culture of security/privacy doesn’t end up permeating people and, despite the
millions invested in awareness, we continue to see daily examples ranging from large companies
to people not linked to work areas that show videos on social networks indicating how not
having a series of security measures in place has led to the loss of your account and part of
the digital identity related to the loss of the although in younger people with videos like those of
Instagram or TikTok.
It's time to look for new approaches, to be more effective and above all to adapt to new
technologies by knowing our way of learning. We begin this journey, then, in the ancient pronaos
of the temple of Apollo at Delphi, where it is inscribed "Know yourself" (gnothi seauton). A Greek
aphorism as simple as it is effective tells us that knowing how the human being memorizes new
information may hold the key. I invite the reader to go back for a moment to being students and
carefully think that, if we want our employees, third parties and families (a very important part
of this whole) to retain more information and be better prepared for security challenges, we
must not forget to know how to be better. Several well-known studies indicate that of everything
we listen to, after 24 hours we will only retain 5%; of what we read, we’ll only retain 10%; of the
graphics we look at, 20%. From what we hear, 30%; if we discuss it with others, 50%; if we
practice and write it down, we’ll go up to 80%; and if we show it to someone else we can reach
90-95%.
With this in mind, in 2022 I started a personal journey to find out which could be the best
method that would combine all of the above and that would also allow me to reach that desired
90%-95% and I found it!
Becoming a facilitator and sharing awareness sessions. The results have allowed a greater
communication of possible social engineering attacks widely known in addition to a significant
improvement in the protection, including the family environment. Becoming a facilitator allows us
to interact in a close, dynamic, bilateral and simple way, making knowing ourselves a new
paradigm of effectiveness in security awareness.
Isabel María GÓMEZ has long-tested experience in security and information technologies, and in the course of
her career has specialized in several areas related to security. Some of them are: Risk Management,
Cybersecurity, Continuity and Resilience IT, Privacy, Compliance and Digital Transformation. She also has a
widespread legal, regulatory, technical, and financial background that lets her manage and coordinate different
legal and technical areas efficiently. Previously, Isabel has had various executive roles reporting directly to the CEO in information
security in leading companies in their respective lines of business, such as Atento, SegurCaixa, Bankia, and
Medtronic.
Isabel María GÓMEZ, Spain
Cybersecurity is not a new skill set. It is an
important subset of overall enterprise and
personal security. Security is both common
sense, and a habit for successful individuals
and organizations. For example, remembering
to lock the doors and windows of your house
when you sleep or are heading out. It’s
common sense not to share your home keys with
a stranger. Or for that matter, when you buy a
new house, to change the locks for your own
security. And not a cheap lock either. Today,
people practice these security habits naturally.
And in social behaviour most people are careful
not to spread rumours, allegations or false
information when interacting with others in
business and personal settings.
However, these security and common sense
practices are not universally applied in
cyberspace. In cyberspace people are much more
unconscious of security and safety
consequences. For example, they use an
easy-to-remember password such as “1234567” or
“password1”, which they write down on a Post-it
note and leave out in the open for all to see.
Or they share on Facebook, Instagram and other
social media outlets outrageous photos or
contestable opinions. It never occurs to many
people that information such as birthday,
mother’s maiden name, or their mobile number
constitutes PII (personally identifiable
information) that most banks routinely use to
authenticate you over the phone. A definite
security risk if this information falls into the
wrong hands.
While many people are unaware of the risks of
such behaviour, many companies are unaware
of the hidden cyber security risks inside their
organization.
The modern CISO understands these risks, yet
until recently, the role of the CISO has been
relegated to a subset of the technology function
and rarely has cyber security been part of the
business strategy or culture.
Simply put, cybersecurity professionals are
seen as outcasts by business line leaders, and
even the technology and risk functions.
In most organizations, the role of head of cyber
security has been filled with either former IT
professionals, or former military security
specialists. They are technical and security
experts, but not business experts. They see their
role as technical, whereas the real need is for
cyber security to become an important business
issue so that all employees feel accountable for
company and personal cyber safety. For the
modern CISO, security-by-design is a business
issue and a key part of how to keep the company
safe. However, when the CISO talks about
security-by-design and other important business
security issues, they are often seen as arrogant
and condescending. They are also branded as the
“Bad Guys” who must be the gatekeeper within
the company, to oversee security checks for all
IT projects. Which naturally means the cyber
security function will never win a popularity
contest and is often left out of important product
development planning until the very end.
For the CISO, as the defender of the crown
jewels of the business, one significant breach is
enough to warrant potential dismissal. In the
language of soccer, you can go from hero to zero
in just 1 min when cyber criminals manage to
‘score a goal against you’, while few give credit
for the fact that your cyber team rebuffed
multiple hack attempts for over 89 minutes.
Cyber security is definitely undervalued.
by Aloysius CHEANG
CISOs - Defenders Of The
Crown Jewels Of Your Business
But things are changing. Recently, due to the
large increase in cyber attacks globally,
cybersecurity is beginning to take centre
stage. And it comes as a key part of the new
era, the digital era. In the 4th industrial
revolution, we are seeing people talking and
accepting the notion of a “digital economy”
and the need to undergo a digital
transformation. This is so true under the
Covid-19 pandemic where if organisations do
not change the way they operate, they may
not survive.
Take for example shopping malls. Shopping
malls are finding it hard to survive with
restrictions on personal gatherings due to
Covid-19. On the other hand, e-commerce or
online malls such as Alibaba’s T-Mall or
Amazon have a thriving business model! Not
to mention the Deliveroos and Deliver Heros
of the world that send food to your home as
restaurants are either ordered to close to
customers or operating at a capacity that is
not revenue viable.
As there is a quantum shift in business and
individual behaviour towards online
commerce, suddenly it dawned on many that
there will also be security and privacy
concerns online. For example, when using
online commerce sites, making sure that
personal and financial information are not
shared, leaked or stolen. People expect their
online experiences to be safe and secure. And
this is helped by the cloud revolution, where
for once it is very clear that IT today is
already a utility, just like electricity and water.
And just as you expect your electricity to be
green and water to be potable, people have
the expectation that cloud services are
secure.
True, it is still far from seeing the CISO taking
over the CEO position in any traditional
business. More recently however we are
beginning to see a few CISOs as part of a
company’s executive management team with
a direct reporting line to the CEO. Even more
frequently we are seeing companies valuing
and elevating cyber security and giving the
CISO more access to business leaders. Some
even appoint cybersecurity professionals onto
their board to better address cyber risk
issues. The implementation of GDPR in
Europe and the appointment of a Data
Protection Officer (DPO) has driven the
recruitment of professional CISOs to support
efforts to build security controls into privacy
policies and internal controls.
However, to be effective the modern CISO
must be able to communicate to the Board
and senior management in business
language. That means speaking a business language
that everyone can understand, and not in
terms of firewall rules or security
penetration testing lingo. This is the crux of building
trust with the business and the board.
We are in a new era today where cybercrime
is exploding. The modern CISO must become
not only the “cyber sheriff” bringing law
and order into the company’s cyberspace, but
also an “Ambassador of Cyber Safety”
through an understanding and development of
the internal cyber security digital eco-system.
The modern CISO is the architect of an open
and transparent communication and
collaboration model that protects the
company, customers and employees.
“That new world order is now, and
cybersecurity is moving from the back-room
to the frontline and the boardroom.
Will business leaders grasp this opportunity
and make the best out of it?”
Aloysius Cheang, Huawei, UAE
Aloysius Cheang is the Chief Security Officer of Huawei UAE responsible for driving the company’s
cybersecurity vision of building a safe and secure intelligent connected digital world in the UAE and
Islamic nations globally. He is also a Board Director for US-based (ISC)2, as well as UK-based
cyber leadership think tank, the Centre for Strategic Cyberspace + International Studies (CSCIS).
In his career spanning over 20 years, Aloysius has extensive experience in delivering strategic,
complex, multi-year and multi-million-dollar technology and cyber programs for Global 500
organizations while managing large international, multi-cultural, multi-disciplinary teams in his
various assignments globally.
by Lydie NGO NOGOL
The Era of CISOs
In today's digital age, cybersecurity is no longer a luxury, it’s a necessity. The Chief Information
Security Officer has therefore become an important role in any organization that wishes to better
manage security risks.
Having a good CISO is vital to effectively succeed in cybersecurity. However, a good CISO doesn't
need to play a hero or be one! Good leadership is what's most needed in cybersecurity. A CISO
ought to embrace his role as a business and risk management leader rather than a cybersecurity
guru. Their aim should be to build a well-integrated security governance that supports critical
business decisions. As a leader, a good CISO should also be able to build, inspire values and
develop a strong team of cybersecurity warriors with core knowledge and principles.
Culture change is the backbone of the vision that a Cyber Security leader should bear by
determining how it should be introduced, driven and by whom. In so doing, the CISO should
develop and maintain critical relationships with all stakeholders and communicate at both senior
and operational levels. The challenge here is to understand the diversity and differences in key
stakeholders’ skill sets and abilities, and to adopt a language that they can all understand. Coupled
with this, the chief strategy of the CISO should be centred around resilience. For example, while
conversing with the CFO, the CISO should translate cybersecurity problems into risk issues and
draw a direct link to the cost impact that these can have in the organisation. The same problems
can also be presented as elements or events that can slow down the productivity and growth in a
digital organisation.
Being able to find the proper message for each type of stakeholder requires knowing your organisation,
your people, what motivates them, and how you can help them to achieve their objectives. Therefore,
the CISO should succeed in making sure that security effectively becomes everyone's responsibility in
the organisation. Consequently, it becomes clear that the idea of a CISO being a security guard who
blocks everything and slows down business is obsolete.
In my opinion, in a world where we are gradually dependent on technology, where systems are easily
hacked and yet people need a seamless work experience, a world where cybercriminals are constantly
shifting and improving their strategy, the CISO should be viewed as a leader that enables business to
run safely, timely, and productively.
Lydie Ngo Nogol is currently the Chief Information Security Officer (CISO) for PwC Sub-Saharan Francophone
Africa covering 10 countries. She is passionate about the topic of Cybersecurity and focuses her leadership on
culture change to bring more awareness around the benefits that good practice in this area brings to organisations.
She achieves this through an effective communication strategy that simplifies complex issues to bring clarity and
understanding about what Cybersecurity is and how to tackle it best. Lydie is also a hands-on leader with the
ability to promote and drive her teams to operational excellence.
Lydie was featured in the CISO Directory 2022 book, a guide to Africa’s leading cybersecurity decision making by
ITWeb organisation. One of her strongest aspirations is to pave a way that demystifies the perceived barriers
around becoming a CISO to encourage more young girls to follow in her footsteps and embrace this fascinating
and rewarding field of work.
Lydie NGO NOGOL, PwC, Cameroon
by Ludovic Lecomte
Cybersecurity
in the SaaS Industry
With the rise of the Software as a Service
(SaaS) business model and the explosion of
data externalization, companies have increased
their exposure to data leaks. By making an
investment in a "Security by design" project,
SaaS companies can stay one step ahead of the
competition, prevent the impacts of a
cyberattack for their customers, and save
money by not having to fix vulnerabilities later
in production. All SaaS companies should
demonstrate that cybersecurity is a key
component of their development processes and
that they are taking aggressive steps to
integrate security into their everyday
operations.
"Security is all about Trust."
Placing cybersecurity at the center of a SaaS
product delivers a confidence boost for
customers who adopt it and establishes trust in
the software and its capabilities to protect the
data. There are famous certifications like SOC 2
or ISO 27001 that go a long way in providing
customers with evidence that best practices
are applied and audited, but compliance is not
enough. We need to continuously improve
security by renewing risk assessments,
tracking new threats and monitoring security
solutions.
"We know the incident will happen, we just
don’t know when."
Security by Design is a concept that pushes
SaaS companies to build their software and
hosting platform around a secure foundational
principle. It is a proactive approach that aims to
avoid and limit the impact of a successful
cyberattack. This approach also means
minimizing the cyberthreat exposure surface
by identifying risk scenarios and implementing
organizational or technical security controls.
To do so, my strategy at Inova was to follow
these steps:
• Conduct a cyberthreat modelling exercise.
• Formalize and share a Secure Software
Development Lifecycle Policy.
• Train Security Champions who are the eyes
of security at every step of the DevOps
process.
• Finally, integrate security tools into the
DevOps pipeline to automate vulnerability and
cyberthreat detection.
"Do remember to protect your Forgery!"
Unfortunately, a lot of SaaS companies are
forgetting to protect their business. From my
experience, being too focused on protecting
the product is a mistake, because some threats
directly target your development framework or
environment. That's why it is important, in
addition to training people on cybersecurity, to
evaluate risks on the internal Information
System of the company.
The latest cybersecurity news confirms this.
SaaS companies are being directly attacked
from their internal Information System through
social engineering or malicious code directly
injected in the development framework.
Finally, cybersecurity is more about people.
Organization and training are the best
investments a SaaS company can make to
begin its security by design project. Particularly
when it is not that complicated to find magic
tools that automate security scans and provide
alerts on vulnerabilities.
At the end of the day, you still need people
able to react quickly. Therefore… can we
say/think that Cybersecurity is an infinite
human loop?
Ludovic Lecomte began his role as CISO at Inova in February 2022.
After spending 10 years in Cybersecurity consulting and audit roles, Ludovic built a certified Information Security
Management System from scratch for Inova. Ludovic leveraged his communication skills, risk engineering and
passion for new technologies to take cybersecurity to the next level.
In addition to adopting a rigorous risk-based approach to cybersecurity, he is committed to building a digital trust
space for both customers and internal users. Ludovic is always ready to share his expertise with the broader CISO
community and with students training to be future Cybersecurity engineers at a French university.
Ludovic Lecomte, Inova, France
by Christiane Wuillamie OBE, FIRL
Why Is Cyber Security
So Difficult?
Cybercrime is a significant business risk, and every industry is under relentless attack from
cybercriminal gangs and nation state cyber armies. Yet Boards and the CISO are struggling to build
cyber secure organizations.
All Boards are concerned about potential cyberattacks, and CISOs work hard to provide adequate
technology solutions and cyber risk oversight. So why is effective cyber security so difficult?
We believe there are two fundamental issues that undermine an effective cyber security posture.
The first is the erroneous belief that cyber security is mainly a technology issue. Cyber security is
really a business issue that can damage business performance, market value and brand
reputation. A large majority of successful cyber breaches involve human error, and weak business
processes are easily exploitable by cyber criminals. Effective cyber security is a combination of
aware and well-trained employees, effective end-to-end work processes, and up-to-date technology
applications.
The second issue that undermines cyber security is that most companies operate in functional
silos, focusing most of their time and resources on functional business objectives and not overall
enterprise issues. Few business leaders understand their function’s contribution to Cyber
Resilience and overly rely on technology and the CISO for protection. One of the reasons cyber
criminals are so successful is that they go after the weakest links, which are often people and
processes in non-technical functions.
Taking an Enterprise View
A company’s cyber security posture impacts business results, positively or negatively. Building a strong
cyber security culture requires every function to be aligned and joined up and for the Board to take an
enterprise view of cyber security.
When the Board adopts an enterprise view of cyber security as a business risk, they begin to demand
oversight in all three areas – people, processes, and technology. In addition, when the CISO steps out
of a purely technology role and into the role of Enterprise Cyber Security Officer, it is possible to
engage all business functions on mitigating cyber related business risks.
The Board can improve cyber security by mandating that all functions have the shared objective of
cyber security and use internal company data to measure how each function is strengthening their
cyber security posture. An enterprise-wide cyber security posture is an effective weapon against the
growing tsunami of cyber-attacks. The modern CISO must step up and step in to educate and partner
with the Board and business leaders for better cyber security oversight and risk mitigation strategies.
Christiane Wuillamie OBE, UK
Christiane Wuillamie OBE has done every job in Technology from coding, to being CIO in Financial
Services. She built and operationalised a strong, high-performance culture in every role. Christiane
leverages technology to solve business challenges through developing people and implementing
joined-up processes that deliver competitive advantage.
In the fast-changing cyber world, Christiane believes that only a strong culture of collaboration,
transparency and responsible leadership can deliver safety and security for all. Christiane is the co-
founder of a technology firm, PYXIS Culture Technologies that is quantifying the linkage between
corporate culture, leadership and business results and helping senior leaders understand how
culture impacts cyber security.
by Emilio IASIELLO
CISOs Need Strategic Thinking
to Be Effective
The Chief Information Security Officer, or CISO,
is fast-becoming one of the more difficult C-
Suite positions to fill. The CISO role has been
plagued with turnover, the average tenure
lasting anywhere from 18 to 26 months. This
doesn’t come as a surprise as the CISO is
inundated with an array of challenges that
include a nonstop barrage of diverse cyber
threats seeking to exploit the enterprise he
watches over, internal competition to secure
budgetary resources to aid in his defense
efforts, lack of authority to instil necessary
change, and convincing the larger C-Suite as to
why certain security measures are needed
regardless of their cost. Indeed, in many ways,
the modern-day CISO is the cybersecurity
equivalent of Sisyphus struggling to protect the
network enterprise only to see another incident
set him back on progress.
Therefore, it is unsurprising that CISOs suffer
from an incredible amount of stress due to
their critical role of minimizing their
organizations’ cyber risks. Hiring talent,
researching new industry updates and trends,
tracking security metrics, developing policies
and plans, and managing information systems
are overwhelming responsibilities that can take
their toll. A 2020 CISO study found that 88% of
those surveyed were tremendously stressed, a
minor decrease from the 91% reporting that
same affliction in 2019. Most of these
individuals believed that they and their teams
were expected to work longer hours than any
other department in their respective
organizations. Findings revealed that the
consequences of working considerable
amounts of overtime, poor work-life
balances, and 24x7 security concerns
contributed significantly to their poor
physical, mental, and emotional well-being.
Due to their multifaceted security
responsibilities, there is a tendency for CISOs
to try to do everything at once, as the dynamic
cyber threat landscape brings change at a pace
faster than most organizations can address.
This unique set of challenges makes the CISO
role part security expert, part security
prognosticator requiring the individual to find
balance in managing today’s risks with an eye
toward the future. With these seemingly
contradictory goals in mind, strategic thinking
may be the best asset for CISOs in today’s
environment, as it is essential for planning,
resourcing, and creating new ideas that spur
new opportunities. However, in order to
accomplish these goals, the CISO must work
with the budgetary, personnel, and material
resources at hand to build the organization’s
cyber resilience. This is where strategic
thinking becomes paramount because it helps
the CISO implement security operations with a
“doing more with less” philosophy many
organizations must adopt.
By embracing strategic thinking, CISOs will lay
the cornerstone of their organization’s
cybersecurity posture through preparation. This
is essential in helping the CISO organize and
prioritize the myriad of security needs that
must be addressed. Whether it’s the threat
landscape or changes within the organizations,
the CISO’s greatest strength is the ability to
anticipate and adapt to evolving conditions.
This requires knowledge and understanding of
existing and emerging threats, as well as the
direction the organization is going. CISOs want
to have advanced warning to be proactive and
not be caught reacting to situations.
Strategic thinking will empower the CISO to
interpret challenges in ways that provide
insightful solutions to them.
By being able to interpret challenges, creative thinkers will search out multiple and where possible
unique data sources to digest and synthesize, and better inform their decision-making calculus.
Finding unorthodox but tenable solutions is the result of an inquisitive but open mind and a
willingness to learn. All of these feed into a comprehensive strategic thinking process.
By implementing strategic thinking, the CISO is better able to align these solutions with the
challenges in his or her portfolio. Having solutions that do not fit into the organization’s needs
when the organization needs them is poor preparation. Solutions must align to not only the
problems but also the prioritized requirements. This is why CISOs must be in constant
communication with the rest of the C-Suite, ensuring that the work is in concert with other
stakeholders and consistent with the vision held by the other chief executives. Getting buy-in and
making sure initiatives are in line with the C-Suite will help garner budgetary and professional
support, and by extension, commitment from the top brass.
The effective CISO will balance strategy with execution and ensure that any initiatives
coincide with other projects that may overlap or at least intersect with them.
Because the bottom line is that CISOs must marry what the organization needs with what a CISO
can give. This demonstrates leadership, responsiveness to key needs, and the ability to deliver, all
hallmarks of a successful plan for a focused and resilient cybersecurity program. Quick wins pave
the road for larger gains, and while not everything goes to plan, having a pre-planned roadmap will
help CISOs navigate unexpected obstacles, and recalibrate without suffering substantial setbacks.
Emilio IASIELLO, USA
20+ years’ experience as a
strategic cyber intelligence
analyst, supporting US
government civilian and military
intelligence organizations, as well
as the private sector. He has
delivered cyber threat
presentations to domestic and
international audiences and has
published extensively in such
peer-reviewed journals as
Parameters, Journal of Strategic
Security, the Georgetown Journal
of International Affairs, and the
Cyber Defense Review, among
others. All comments and opinions
expressed are solely his own.
by Craig Ford
Hard As Nails
Battle-Hardened Soldiers
The CISOs
You would have to be crazy to want this job?
What is a CISO? Leader of your organization's cyber security team. A CISO is someone who can
stand in a pot of boiling water, juggling fire sticks, dodging attacks from known and unknown
opponents, from all different directions, while still negotiating budget reversals to claw back funds
that were previously taken off the team because many organizations still don’t see a huge return on
investment from investing in security.
CISOs don’t all look the same, some wear suits, some wear jeans and polo shirts, some boys and
some girls but essentially speaking deep down they are hard as nails, battle-hardened soldiers of
the cyber security fight that many don’t even know to exist.
I know I am being dramatic, I’m using a bit of Hollywood flair here, but you must understand the
strength and perseverance of these leaders who do a job every day, that is hard.
I mean really hard.
The average career tenure for a CISO is seven years. Yes, that’s right 7 years. Let us think about
this for a moment, you have worked hard for 20 years in the trenches, really fighting your way
through the garbage, and you have spent $50K or more on qualifications so that you can have your
seat at the table to then be lucky if you can survive in that job, the coveted CISO position for maybe
5-7 years before you burn out or just say screw it, I’m out.
That’s a huge issue, we need to support these heroes more, and help them do what they need to do.
Stop cutting budgets because you can’t see the return on investments, the reason you are not seeing a
return on your investment is that the team is doing what they are supposed to be doing, protecting
your organization, sheltering you through the storm. The more you cut from the team, the more
corners that will be cut in your security, and the more chances of you and your organization being on
the morning news and not in a good way.
So, stand tall as CISOs, let's walk through the burning coals together and let’s start to beat back that
avalanche of attacks. Let’s start to turn the tide of this cyber war on the malicious actors, and show
them that we will not fold under the pressure.
Make smart choices, invest our time and money into problems we can solve, don’t waste precious
resources on flashy new blinky lights, get the basics right and we can all celebrate at the end of our
seven-year reigns. We have survived with minimal scares.
We got this.
Craig Ford is a wizard of the dark arts, a conjurer of the cyber world, he delves into ethical hacking,
security engineering and user awareness. He is not one of those hackers who hides in the dark,
hunched over his keyboard wearing gloves just doing his thing. No, Craig stands tall in the light, no
hoodies here (Unless it's really cold then he might just buckle on that stance).
He is a wielder of words, with works talking about all things cyber for Top Cyber News Magazine,
CSO Online, Women in Security magazine, AISA Cyber Australia and Cyber Today magazines and so
many more we don’t have the space to mention. He has written some books (A Hacker I Am Series)
that will pull you down the cyber security rabbit hole and leave you wanting so much more. He has
a new hacker novel, Foresight (Shadow and Vulcan to follow in 2023).
Unlike many hackers, he isn’t too hard to find, look him up, and you will not need to search long.
When you do find him, you can find all the usual acronyms and whatnot.
He is a defender of cyberspace, here to stand with you on the war that is coming between good
(your friendly neighbourhood hacker, cyber professionals and whatnot) and evil (Malicious actors,
cyber thugs, criminals). What side are you on?
Craig Ford, Australia
Insights and great moments from
the Inaugural Global
Cybersecurity Conference 2022
in Zurich, Switzerland
by Dr. Vivian Lyon, DIT, MBA, CRISC, CISM, CISA, CEH, PMP, CCSK, ITILv4
CISOs’ Emotional Intelligence
in Remote Working Era
Applying emotional intelligence to the remote
working environment increases employee
success, retention, satisfaction, and
productivity. Emotional intelligence from a
CISO's lens might positively and significantly
impact the remote working experience.
What is Emotional Intelligence?
From a cyber, technology, and business leader
standpoint, emotional intelligence is the ability
to discern your and others' emotions precisely;
to understand the cues that emotions convey
about relationships; and manage your own and
others' emotions. CISOs should measure four
distinct areas of competency related to
emotional intelligence: self-awareness, self-
management, social awareness, and
relationship management.
Emotional self-awareness is the ability to
notice and label one's feelings, emotions, or
reactions and connect them to the source of
the emotions, feelings, or reactions. Identifying,
understanding, and assessing how one's
emotions, feelings, or reactions impact oneself
and others is a valuable insight that can
improve relationships and experiences. CISOs
with strong self-awareness know what,
when, and why they feel the way they do and
how their emotions impact what they say and
do. CISOs struggling with self-awareness may
have difficulty understanding their
emotions, get upset quickly or easily, and have a
hard time with work-life balance. Emotional
self-awareness development strategies that
CISOs may adopt include: taking an emotional
intelligence assessment to gather a baseline,
regularly checking how you are feeling and
why, making time for self-reflection, practicing
healthy self-talk, and seeking and acting upon
feedback.
Behavioral self-management is the ability to
control one's emotions. CISOs with solid self-
management skills show: level-headedness,
positivity, and focus when faced with hostility
or conflict. CISOs struggling with
self-management may react impulsively, be
defensive, be quick to judge, and inadequately
resolve problems. Self-management
development strategies that CISOs may adopt
include: keeping a journal that identifies
emotions and triggers and may be used to craft
composure, focus, and productive situational
plans.
Social awareness, also known as the
awareness of others' emotions and feelings, is
the ability to sense what others are feeling
(empathy), sense and understand their
perspectives within the scope of the situation
or organization (organizational awareness), and
anticipate their needs (service orientation).
CISOs could take an active interest in learning
and understanding how others feel or their
thoughts about a particular situation. CISOs
with strong social awareness demonstrate:
active listening and observing what is felt, i.e.,
empathy to illustrate understanding of others'
feelings and perspectives and working to reach
a resolution based on specific needs. CISOs
that struggle with social awareness may
experience difficulty understanding the needs
of others, being selective instead of actively
listening, acting without thinking about others'
feelings or perspectives, having challenges
sensing what others may be feeling, and may
be uncaring. Social awareness development
strategies that CISOs may adopt include:
practicing empathy, active listening, and
communicating with others to develop
situational, organizational, and service
orientation awareness.
Relationship management refers to the ability
to combine self and social awareness into
conductive and rewarding outcomes. CISOs
with solid relationship management
demonstrate the ability to sense the
development needs of others, inspire others,
positively influence others, mitigate conflict,
and build teams by working with others toward
a shared goal. Communication is at the heart of
relationship management and the ability to
listen deeply and openly, including sending
clear, credible, and convincing messages that
provide context, understanding, and direction.
CISOs with solid relationship management
skills may demonstrate context-driven
communications within the scope of how
individuals may perceive or react, actively
listen, promote transparent communication, stay
open to feedback or different perspectives
without becoming defensive, and communicate
in a logical, organized, and straightforward
manner. CISOs that struggle with relationship
management may be unable to
listen, interrupt, fail to ask for other opinions,
be closed to feedback, lack consideration
of others, be inconsiderate of different
perspectives or feelings, communicate
impulsively, and be unapproachable.
Relationship management development
strategies that CISOs may adopt include:
reflecting upon coaching, influencing,
persuading, inspirational leadership, and
conflict management practices that may help to
develop trust and improve communications,
relationships (individuals, teams, etc.), and
performance.
Where does emotional intelligence appear in
the remote working environment?
In a nutshell, everywhere. Remote workers
experience emotions from interacting with
colleagues, clients, and managers in the
remote work environment. The emotional
reactions to the interactions impact attitudes,
behaviors, and experiences.
These three critical needs, autonomy,
competence, and relatedness, are crucial in
how CISOs lead toward an optimal emotional
intelligence experience in the remote working
environment. Neuroscience research reveals
that if we humans start, persist, and put in the
mental effort on anything, including working,
the brain will change and adapt regardless of
whether the human “likes” the working
environment or not. Compare the effort of the
remote working environment for the brain to
exercise for the body. Some humans may not
like working out 30 minutes a day, yet if they
start, persist, and put in the effort, their
muscles and health will improve and change
immediately. CISOs and remote workers can
adapt to the remote working environment while
promoting optimal emotional intelligence.
CISOs can help motivate remote workers and
develop in-depth emotional skills through their
experiences. CISOs must promote value, self-
efficacy, and attribution and avoid negative
emotional states.
Valuing - If workers value the remote working
experience or identify their "why," they are far
more likely to start, persist, and put in the
mental effort. CISOs must engage remote
workers in considering "what's in it for them";
identifying what they value will increase
their persistence and, ultimately, their
competence and productivity.
Self-efficacy - This element relates to the need
for competence. If remote workers believe they
cannot accomplish something, regardless of
their value, they may not start, persist, or put
in the mental effort. CISOs must emphasize
that they can achieve their tasks timely through
good-natured and emotionally intelligent
support.
Dr. Vivian Lyon is a highly experienced, passionate Cybersecurity, Technology, and Cloud leader. She is
currently the CIO & CISO of Plaza Dynamics and a Cybersecurity and Computer Science Professor. Dr.
Lyon holds a Doctor of Information Technology (DIT) degree with a concentration in Cybersecurity,
Master of Business Administration (MBA), Certified in Risk and Information Systems Control™
(CRISC®), Certified Information Security Manager® (CISM®), Certified Information Systems Auditor®
(CISA®), Certified Ethical Hacker (CEH), Certified Cloud Security Knowledge® (CCSK), CompTIA
Security+, ITILv4® (ITILv4), Certified Identity Governance Expert (CIGE®), Certified Metaverse Security
Consultant (CMSC®), NFT Certification, Project Management Professional (PMP®), PMI Agile Certified
Practitioner (PMP-ACP®), Certified Scrum Master (CSM®), Certified Scrum Product Owner (CSPO®),
Certified DevOps Generalist™, AWS Certified Solutions Architect Associate (AWS CSAA), AWS Certified
Cloud Practitioner (AWS CCP), and more.
Dr. Lyon mentors girls and women in STEM fields. She is an active member of Forbes Technology
Council, Women in Technology (WIT), Executive Women's Forum (EWF), National Society of Leadership
& Success (NSLS), Cybersecurity Advisory Boards, RSA Fellow, and more.
Dr. Vivian Lyon, USA
TOP CYBER NEWS MAGAZINE
Human Centered Communication Of Technology, Innovation, and Cybersecurity
ABOUT PEOPLE, BY PEOPLE, FOR PEOPLE
AN AWARD-WINNING DIGITAL MAGAZINE
Ludmila Morozova-Buss, Editor-In-Chief
Doctoral Student at Capitol Technology University
«Thank you for making us all a true global Cyber Community! Our
Cyber Community, as exemplified in Top Cyber News MAGAZINE is
the ENVY of all other industries! We celebrate each other, and do so
across continents and language barriers. Today we celebrate Top
Cyber News MAGAZINE, Ludmila Morozova-Buss!»
Dr. Diane M Janosek, JD, CISSP, LPEC, Deputy Director of Compliance at
National Security Agency, USA
«Ludmila Morozova-Buss - you are one of the best cyber integrators -
how magically you have weaved the fabric of wonderful cyber warriors
all across the globe 🌎. Your work will find a place in our Cyber
history for generations to come.»
Prabir SAHA, Founder & CEO at Transformationplus Pty Limited, Australia
«Top Cyber News MAGAZINE continues to highlight those leaders of
cybersecurity that others may not know and at the same time inspiring
many others to become our future leaders in a cyber career that is so
desperately in need of additional employees»
Dr. Bradford SIMS, FRAeS, President at Capitol Technology University, USA
«For a while I have been working with Top Cyber News MAGAZINE, a
sharp editorial team that managed to build a community of
cybersecurity professionals from various domains. Great work!»
Margo KONIUSZEWSKI, President at The Bridge Foundation, Switzerland &
Poland
«The Cyber Security professionals that the magazine celebrates are all
of the Heroes whose Time + Talent + Treasure were brought to bear
to bridge the divide between the future-history and today.»
Stewart A SKOMRA, Principal, SocioTechonomic LLC, USA
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 

Kürzlich hochgeladen (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 

Top Cyber News Magazine - Oct 2022

  • 1. MAGAZINE TOP CYBER NEWS About people, by people, for people OCTOBER 2022 Exclusive article by CIO & CISO at Plaza Dynamics
  • 2. Foreword The Chief Information Security Officer (CISO) acts as a Digital Sentinel, with their resources poised to prevent cyber-attacks and lead the remediation activities post-attack. The CISO is quickly becoming one of the most valued positions in an organization, regardless of its size, due to the heavy IT and cyber responsibilities they carry. Threats are no longer external to the organization, and the insider threat must now become part of the risk assessment process when CISOs are assessing risks to infrastructure and data. The Digital Sentinel is responsible for selecting their weapons: like any good warrior, they have assessed the threat landscape and selected tools which meet the organization’s needs while accounting for advances in technology, affordability, and potential shifts in business operations. Adversarial tactics have largely remained the same, targeting popular applications like Office 365 or complacent users who inadvertently click links, inviting the adversary deep into the layers of the domain. For the Digital Sentinel it’s a game of tactics and techniques, and cyber threat intelligence plays a role in how limited resources are allocated towards known vulnerabilities and in how they and their incident response team will react to exploitation of the unknown vulnerabilities lurking deep within their domain. While protecting the IT infrastructure, the Digital Sentinel must work to foster good cyber hygiene within an organization and build collaborative relationships amongst various functions within the organization to develop effective policy and cyber culture. This can be a challenge at times, and it’s important to remember that people skills are needed to complement a highly technical skillset.
The “people factor” is an important component when the CISO is building a cyber culture within the organization, and they face the daunting challenge of balancing the needs and wants within an organization and the risks associated with both. It’s important for CISOs to have a strong relationship with the C-Suite, and not just at budget request time; they need to provide situational awareness for risks that could impact the business operations and advise on realistic and affordable mitigations. Digital wars are silently fought like a patient game of chess: each piece has a role on the board, and movements on that board are controlled by the role. The CISO role acts as a Digital Sentinel, protecting and pivoting across the board as they attempt to defend the cyber domain against attacks and insider threats. Each side collects one another’s pieces through unauthorized exfiltration of data or breach of the domain; the game is endless, and it doesn’t rely on a game clock or the number of pieces collected by an opponent. Multiple games are at play, and the Digital Sentinel is quietly watching and protecting their domain. The Digital Sentinel – The CISO - Angelique "Q" Napoleon for Top Cyber News MAGAZINE
  • 3. Les Assises de la Sécurité www.lesassisesdelacybersecurite.com The gathering of cybersecurity experts from 12 to 15 October 2022, in Monaco #LesAssises #LesAssises2022 #LesAssises22
  • 4. Matthew Rosenquist, Eclipz, USA Matthew Rosenquist is the Chief Information Security Officer (CISO) for Eclipz, the former Cybersecurity Strategist for Intel Corp, and benefits from 30+ diverse years in the fields of cyber, physical, and information security. Matthew is very active in the industry and advises fellow CISOs, boards, academia, governments, and businesses around the globe on emerging threats, innovation, and industry best practices. Matthew specializes in understanding the fundamental factors that drive and shift the industry. He has been providing cybersecurity predictions for decades and his insights have been published in reports and various industry periodicals. As a veteran cybersecurity strategist, he identifies risks and opportunities to help organizations balance threats, costs, and usability factors to achieve an optimal level of security. He develops effective security strategies, measures value, develops techniques for cost-effective capabilities, and establishes organizations that deliver the right levels of cybersecurity, privacy, governance, ethics, and safety. Matthew is a member of multiple advisory boards and an experienced keynote speaker; he publishes acclaimed articles, white papers, blogs, videos, and podcasts on a wide range of cybersecurity topics, and collaborates with partners to tackle pressing industry problems. Matthew has won numerous awards and recognition, including: LinkedIn Top 10 Technology Voice, Thinkers360 Top 10 Cybersecurity and Privacy Thought-Leader, Engatica Top 50 Cybersecurity Influencers, and leadership awards from HMG Strategy and Global Leaders Today.
  • 5. The Next Great Challenge for CISOs, by Matthew Rosenquist CISOs are facing a new challenge to their success: showcasing the meaningful value of cybersecurity over time. This is largely unfamiliar and traditionally difficult for leaders. As threats and operational complexities continue to increase, security has adapted by requesting ever larger budgets to scale with the new threats. Annual increases of 9% to 20% aren’t unusual, with some regions seeing a 60% jump in security budgets. This is not sustainable for groups that are positioned as cost centers and not bringing in revenue to offset their budget. There is no doubt that cybersecurity is appreciated and necessary, but the question is how valuable it is, how much protection is needed, and whether the resources are managed properly. Organizations cannot blindly pour assets into a cybersecurity void every year. Executives want to control spending and see a return on their investment. CISOs must rise to the challenge by maximizing their contributions to corporate goals, working effectively to reduce the risks of loss, and deftly communicating the value proposition across the organization. Strategically, there are three areas that CISOs can focus on: First, build a well-operating cybersecurity capability that purposefully aligns with the corporate business objectives. Effectively and efficiently protecting against risks is the core function of cybersecurity. Second, compare the security and value against peer organizations. This benchmark is very valuable for senior executives to understand if they are spending equitably on security. Third, explore opportunities to contribute to the bottom line regarding revenue, market share, brand, and average selling price. Many companies leverage security, privacy, and safety features as non-traditional competitive advantages. Apple’s recent marketing campaigns focus on privacy for their customers’ data, not performance.
This has worked well and shows that taking advantage of cybersecurity can directly benefit the marketplace. CISOs must evaluate the business opportunities and partner with product teams, operations, and marketing. Security teams that deliver a competitive advantage have tremendously more prestige when communicating their sustaining value! CISOs must face the elevated expectations that accompany cybersecurity costs. The value must be embraced by senior leadership to maintain the necessary support to remain effective. CISOs need to maximize and showcase their contributions to the business, which requires new skills and approaches. Those who fail will suffer from growing doubt, more scrutiny, waning support, and fewer resources to achieve success against ever greater expectations. The best leaders will take advantage of opportunities and prove the value of their cybersecurity program.
  • 7. Talent Spotlight: Cyber Security Matthew Rosenquist, Chief Information Security Officer for Eclipz. This interview is conducted by Yehudah Sunshine, Director of Marketing at Cyfluencer. Matthew Rosenquist is the Chief Information Security Officer (CISO) for Eclipz, but this is just one of the countless responsibilities he holds. From CISO and globally sought-after speaker to advocate and industry expert, Rosenquist has seen the industry grow and cyber risk evolve from passing thought to driving the conversation. With over 30 years of experience defining the cyber strategy and outlook of many of the leading players in technology and software development, Matthew has witnessed firsthand the evolution of responsibilities and cyber know-how of security professionals, from the humble beginnings of investigating financial crimes to the CISO and everywhere in between. [Yehudah Sunshine] Tell us a bit about your initial motivation to get into cybersecurity. [Matthew Rosenquist] I think I was initially driven by the combination of technology and the challenge of dealing with intelligent, crafty, and motivated adversaries. I started in security working with a world-class team that focused on detecting, investigating, and prosecuting criminals committing theft, fraud, and embezzlement. I took a particular interest in detecting charge fraud and arresting the criminals. I realized the technology is just the playing field that the threats operated in and the real challenge was in dealing with the skills, creativity, boldness, motivation, and persistence of the attackers. Defenders are directly pitted against those seeking to undermine security and victimize others. I was hooked. Cybersecurity was a natural fit as it combined my passion for technology and adversarial interdiction – all for a noble cause of defending against undesired impacts.
[Yehudah Sunshine] What significant experiences shaped your approach to cyber risk management at this stage? [Matthew Rosenquist] Practical experience always guides your understanding, and for me this was really the case. From dealing with technology, behavioral, processes, and business challenges as well as building teams, tackling crises, and working with various organizations across the cybersecurity industry, I was able to form ideal approaches. As a result, I thrive on situations where I have been able to anticipate what the attackers will do and establish best practices in pursuit of managing risk to an optimal level.
  • 8. Interview with Matthew Rosenquist, by Yehudah Sunshine [Yehudah Sunshine] Who were the most impactful individuals in your journey, that both influenced your trajectory and imparted critical life lessons in and beyond infosec? [Matthew Rosenquist] I have always been sparked by people with passion, innovative ideas, skills to organize, communicate, and inspire! Great people can be found in every profession, at every level. I have had great bosses, mentors, and brilliant industry colleagues. But I have found impactful people at all levels in almost every engagement. The constant chaos and ambiguity of cybersecurity requires professionals to continually learn and adapt. I purposefully look for these people to improve my own capabilities. This is why communicating and collaborating is so crucial. We all can influence and inspire each other to rise to the challenges. For me, one of my greatest inspirations was Sun Tzu, who advocated knowing the enemy as well as yourself. This concept became pivotal in my journey in cybersecurity, where people often believe problems are only of a technical nature.
[Yehudah Sunshine] What have been some of the turning points in your career that changed how you view the nexus of technology and cyber risk? [Matthew Rosenquist] Building Intel’s first SOC, leading the first cybersecurity crisis response team, figuring out how to manage M&A risks, and leading entire security organizations with an eye to find the right balance of risk, costs, and friction to the business. [Yehudah Sunshine] Today you shuffle many hats, from executive and CISO to cybersecurity thought leader and sought-out speaker. How do you blend these diverse expectations while still having a clear vision of improving cybersecurity? [Matthew Rosenquist] For me, my professional journey is driven by a single objective: to make digital technology trustworthy. That means it must be secure, private, and safe – which are the hallmarks of cybersecurity. I seek opportunities to understand and predict our adversaries, support cybersecurity innovation, and drive equality and equity for the workforce.
  • 9. [Matthew Rosenquist] I make it my mission to advocate for digital ethics to strengthen the foundations of technology, communicate best practices, inspire audiences to see the value of cybersecurity, as well as collaborate with the best minds to solve the most pressing problems, and dispel misinformation that can weaken the industry. We all have a role and can actively contribute with focus and passion! [Yehudah Sunshine] What sparked your commitment to improving the opportunities for women and minorities in cyber? [Matthew Rosenquist] First and foremost, equality and equity among people is simply the right thing to do. You can’t have basic human rights if people are not included or afforded fair opportunities. Secondly, it is a practical matter. Cybersecurity teams that lack diversity of ideas and perspectives are at a distinct disadvantage to their adversaries who do bring diversity to the fight. If we want to keep pace with attacker innovation, we must also proactively embrace inclusion for women and underrepresented minorities. They possess different experiences and viewpoints, bringing creative perspectives to increase the level of capabilities for cybersecurity teams.
[Yehudah Sunshine] What do you see as the prime focus of your cybersecurity evangelism? [Matthew Rosenquist] To encourage the community to communicate and collaborate in ways that improve everyone’s ability to manage cyber risks. Cybersecurity is a team sport; we must win by working together. It is the only way we have a chance to maintain parity with the rapidly evolving cyber threats. [Yehudah Sunshine] What strategic and practical advice can you give for individuals seeking to eventually become a CISO or industry-leading cyber thought leader? [Matthew Rosenquist] There are many different roles in cybersecurity and many don’t require technical skills. Find your interest, whether it is technical, behavioral, legal, leadership, organization, or something else, and identify the roles you are interested in. The cyber industry can be grueling for those who aren’t doing what they love, so choose carefully. Then find out what education, skills or certifications are beneficial. Plan your path accordingly. In almost all cases, practical experience is supremely valued, so take extra care to enrich yourself with real-world acumen.
  • 10. [Matthew Rosenquist] Lastly, find thought-leaders who are in those roles and connect with them on professional social networks like LinkedIn. Follow them. Watch what situations they find worthy of weighing in on. Understand how they see, describe, and approach problems or issues. Simultaneously, build your own brand by contributing to discussions with ideas, concerns, perspectives, and questions. This reputation will be a great resource when applying for jobs or reaching out to peers for collaboration. [Yehudah Sunshine] In the coming year, what will be the most significant cyber threats on the rise? [Matthew Rosenquist] The world is in the midst of a war between powerful digital countries, who possess tremendous nation-state capabilities to do harm. The most significant threats to our global digital ecosystem are from offensive actions directed from aggressive nations that seek to exert political agendas, accumulate power, or seize economic advantages to the detriment of others. Critical infrastructure such as government services, defense, energy sector, transportation systems, shipping logistics, communications, healthcare, finance, and media will be targeted with disruptive attacks and digital extortion like ransomware. Conflict on the international stage now includes cyberwarfare. There is no putting that powerful genie back in the bottle. The second threat will be from within. The costs of cybersecurity continue to skyrocket and it will be necessary to adapt programs to maximize returns, be efficient, effective, and showcase the value of security programs, to justify the spending. This will be a significant challenge for teams who are more focused on preventing and responding to attacks. Business case justification and communication to executive levels requires a whole new set of skills, tools, and perspectives. Yet, securing operational funding is necessary for survival and longevity.
[Yehudah Sunshine] What emerging technologies or threat vectors will make the biggest waves in 2023? [Matthew Rosenquist] AI, Quantum Computing, Blockchain, and space-based communications will all play important roles in 2023 and beyond. These are powerful technologies that can be used for the good of society or wielded in malicious ways by those seeking to leverage their capabilities. This is why cybersecurity will play a key role to make sure powerful innovative technology is secure, private, and safe. We all want to embrace the wonderful benefits of new products and services, and not suffer the potential impacts from misuse. Cybersecurity will be the force that influences better designs, development, operations, assurances for proper use and protections when those fail. “It is a tremendous challenge and requires brave, skilled, and adaptive people to take on the challenge and work together to deliver sustainable optimal security.”
  • 11. The Shifting Roles of Today’s CISO, by Yehudah Sunshine Over the past year, I have been privileged to speak with hundreds of security professionals and dozens of battle-tested CISOs. These conversations frequently focused on understanding what separates an adequate cyber leader from those forward-thinking visionaries redefining security awareness, management, and mitigation worldwide. In the process, I couldn't help being overwhelmed by the constant mentions of four keywords: Accountability, Accessibility, Communication, Integration. Regardless of sector or funding, public profile, or company size, organizations everywhere expect their top security leaders to be the one-stop shop for improving risk outlook, all the while holistically changing the security culture from the top down. With the rapidly evolving roles and responsibilities of today’s CISO, the personality and core ethos of these leaders demand: Accountability: CISOs are more than just punching bags to blame for massive data breaches. Effective CISOs must take full responsibility for data security and cyber awareness implementation while providing the resources to empower the workforce to mitigate cyber threats. Accessibility: A CISO cannot be an anonymous figure in the shadows. Today’s CISO must be available for the varying needs of every department. Rather than siloing themselves off in an ivory tower, security leaders must make every effort to connect with vital individuals across the company. By providing actionable advice and implementing clear channels to relay potential risks, CISOs become a carrot vs. a stick. Communication: A CISO can only make an impact when their terminology and approach are contextual to whom they are speaking. Today’s ideal CISO is one part security wizard, two parts wordsmith. Blending technical expertise with the language everyone can relate to is key to making cyber risk real.
Integration: No one wants to search the yellow pages when their house is on fire, and the same is true for cybersecurity. To enhance cyber awareness and skills building, security professionals must be ingrained in non-technical teams. By breaking down obstacles to communication and, more importantly, forming genuine relationships, CISOs can bring cyber preparedness into terms their teams can approach. There will never be one clear definition of how the role of the CISO has changed in the past 30 years. However, after countless conversations and many long nights diving deep into how today’s CISOs take on complex security challenges, one thing is clear: by blending Accountability, Accessibility, Communication, and Integration, CISOs can better influence their organization's long-term cyber risk strategy and prevent data loss.
  • 12. Yehudah Sunshine, Cyfluencer, Israel Bringing together his diverse professional cyber know-how, intellectual fascination with history and culture, and eclectic academic background focusing on diplomacy and the cultures of Central Asia, Yehudah Sunshine keenly blends his deep understanding of the global tech ecosystem with a nuanced worldview of the underlying socio-economic and political forces which drive policy and impact innovation in the cyber sectors. Yehudah's current work focuses on how to create and enhance marketing strategies and cyber-driven thought leadership for Cyfluencer (www.Cyfluencer.com), the cyber influencer thought leadership platform. Sunshine has written and researched extensively within cybersecurity, the service sectors, international criminal accountability, Israel's economy, innovation and technology, as well as Chinese economic policy.
  • 13. Storytelling: A CISOs’ Formula for Success, by Gary Hayslip Today’s CISO is caught in a landslide of change as businesses undergo extreme transformation. Their role requires evangelizing the strategy of their security programs, their program’s management of systemic risk, and finally, its perceived value to company employees and leadership stakeholders. To be effective in this challenging process, I find an excellent tool to use is storytelling. This skill allows CISOs to express ideas and bring the audiences on a journey to experience their point of view. In storytelling, I use a formula to describe current business problems and the value added when these issues are addressed. I view the core components of my storytelling formula as: Context + Value = Informed Decision Making. Context: Provide insight to help the audience see the CISO’s point of view. For example, the company should be ISO 27001 certified. In describing the need for this initiative, the CISO may relate how, as parents, we pick a doctor for our children based on certifications, education, and experience we feel demonstrate competence. This process also emulates how customers review companies and their certifications, like ISO 27001, to demonstrate they meet industry best practices for cyber resiliency and risk management. Helping the audience see the security need through a personal lens builds a bridge between the CISO and the audience. Value: After the audience has gained an understanding of the requested initiative, it’s time to answer the question, "What's in it for me?" It is in this part of storytelling that the organization’s current state is described, and the CISO outlines the resources required, possible impacts on operations, and, finally, end results that provide value to the company. Informed decision-making: This is the outcome of a good story.
The CISO, peers, and executive leadership make decisions using not only numbers and statistics but also a contextual understanding of the importance the initiatives provide to the business. The use of engaging stories to drive action and possibly shape the culture of an organization is a key reason why I believe communication skills need to be continually developed and used by security executives. These skills give the CISO the chance to step out from behind the wall of their security program and be visible, to be seen as human and someone to trust. Through this trust, the CISO can mature the security program and meet their company’s needs.
  • 14. With over 20 years of IT, cybersecurity and risk management experience, Gary Hayslip has established a reputation as a highly skilled communicator, author, and keynote speaker. Currently, as Global Chief Information Security Officer, he advises Softbank Investment Advisers (SBIA) – The Vision Fund, executive leadership on protecting critical information resources and overseeing enterprise cybersecurity strategy. As the senior security executive for SBIA, Hayslip’s mission includes creating partnerships and a “risk aware” culture that places a high value on securing critical information entrusted to SBIA. Hayslip, as a proven cybersecurity professional, recently co-authored the CISO Desk Reference Guide series: A Practical Guide for CISOs – Volumes 1 & 2, Executive Primer – The Executives Guide to Security Programs, Develop Your Own Cybersecurity Career Path, and The Essential Guide to Cybersecurity for SMBs. His previous executive roles include multiple CISO, CIO, Deputy Director of IT, and Chief Privacy Officer roles for the US Navy (active duty), the US Navy (Federal Government employee), the City of San Diego, California, and Webroot Software. Hayslip currently holds several professional certifications including CISSP, CISA, and CRISC, and has a Bachelor of Science in Information Systems Management from University of Maryland & Master’s in Business Administration from San Diego State University. Gary Hayslip, SoftBank Investment Advisers, USA
  • 15. by Michel CAZENAVE. Are We Appropriately Skilled To Be Top Class CISOs? Cybersecurity strategy begins with the CISO. While systems become more complex, hybrid, interconnected, nowadays CTI information shows that “cyberattacks have shifted from disrupting to 75% attempts to take control of target” (source Cyber Intelligence X sectors Alliance) and get a remote access, encrypt and/or steal data, setting backdoors and spying activity associated with criminal revenues either directly claimed from victims or by selling knowledge, data, vulnerabilities and tools on the dark web. This evolution should lead every CISO, with the unconditional support of their company boards of directors who are perfectly aware of the risk even if they still wish to understand how to help, to rush a 360° hardening and best practices review of their processes, assets and systems in order to become a too costly target to pawn, compromise or ransom, associated to an overall preparation of their incident response plans, proactive training and monitoring strategy to be able to react appropriately in case of incident. “The increasing sophistication of cyber criminals coupled with the rapid shift to digital technologies has emphasized cybersecurity’s importance. Those factors will have a knock-on effect on CISO role and impact as well as the C-level view and understanding on cybersecurity.” While C-level consider now cyber security as a strategic priority, the CISO needs to evolve leadership to match this new interest within an organization. It means to switch and ascend to a C-level forward thinking attitude to lead and orient strategy, investment and projects with a clear, didactic prioritized and argumentative discourse on business challenges and threats and potential impacts. While this internal shift is important, CISO can also focus on creating or joining external circles of trust to collaborate with peers.
It creates value by breaking CISO isolation, leveraging knowledge and threat awareness and sharing or benchmarking information, advice, tools, methodologies and procedures in similar context. It is already a trend with ISACs or similar organizations (and even used by cybercriminals). Collaboration is probably the next additional must-have to leverage CISO's existing weapons and means. All other aspects of cybersecurity strategy shall focus on helping IT to deliver business aligned, secured, and resilient services which is quite business as usual for a CISO and combine well known recipes (understand the business, hire experts, use best practices, deploy security tools, use external cybersecurity services and consulting, be certified, analyse risks, define controls, patch, audit…) to definitely become a too hard target to hit. Are we appropriately skilled to be top class CISOs? “What the ancients called a clever fighter is one who not only wins, but excels in winning with ease.” ~ The Art of War by Sun Tzu. The cyber threat is no longer an illusion nor discussed as a hypothesis but as a certainty. The disaster is imposed on us every day, with shocking publications: "data breach", "spear phishing", "ransomware" and soothing crisis declarations: "we are in control of the situation and are investigating", "we have called in the best experts", "the impact measurement shows that the sinews of the company's war are not affected", "no data has been affected".
  • 16. by Michel CAZENAVE >> The CISO is, within his or her company or organization, THE point of reference for cybersecurity. Charged with defining the right strategies, implementing the right tactics and directing operations to protect the company or entity from cyber threats, the CISO has an enormous responsibility that is extremely difficult to assume in order to effectively defend a perimeter that is by definition porous, shifting and variable in geometry. Most employ several means to achieve this: recruiting experts (difficult), implementing best practices (demanding), deploying cybersecurity tools (expensive), setting up an SOC or CERT (complex), using service providers or consultants (helpful), obtaining certifications (not sufficient), networking with peers (useful) and sharing information, successes and failures with trust circles (ISACs). None of these are bad and a CISO who succeeds in getting his entity to run plans that include a complete and consistent set of these means is probably a fairly good CISO. It might require being a good performer in many domains including technical, organizational, logistical and administrative. We all have studied and been trained in those domains. If it is not the case, this might be an improvement point for all of us and a starting point for people that wish to become CISO. The funny thing is: how does one define this "complete and consistent set"? Successful CISOs adopt all or part of the following or similar steps:
    ▪ understand how they are a target, what is the threat and how it could turn bad for their company
    ▪ align cybersecurity strategy first with non-IT priorities (business, compliance, legal, risk...) and then with IT priorities
  • 17. CISO and CSO for PwC France, Monaco & Maghreb, President at CIX-A / Cyber Intelligence X sectors Alliance, Michel Cazenave, is passionate about cybersecurity. Pragmatic and exploring new avenues, Michel leads his teams to protect people, property and business in line with PwC's goal: building trust in society and solving important problems. He has been involved for over 25 years in cyber security, security and crisis management in demanding and complex environments such as the Ministry of the Armed Forces and the Ministry of Foreign and European Affairs. He represented France at the Council of the European Union in the CCIS preparatory body from 2008 to 2017 and has been laureate of 01 Business & Technologies 2012 CISO Special Jury Prize in 2012. Member of CESIN (www.cesin.fr) since its creation, he is also since December 2019, engaged as President of the CIX-A / Cyber Intelligence X sectors Alliance (www.cix-a.net), ISAC which aims to organize the sharing & the operational, tactical and strategic collaboration between CISOs & their teams to improve the cybersecurity ecosystem and help members and their supply chain to defend themselves collectively. Michel CAZENAVE, France
  • 18. by Isabel María GÓMEZ. From Delfos to Cybersecurity Facilitator. The user education model has been in force for more than 30 years but doesn’t seem to give the expected results. The culture of security/privacy doesn’t end up permeating people and despite the millions invested in awareness we continue to see daily examples ranging from large companies to people not linked to work areas that show videos on social networks indicating how not having a series of security measures in place have led to the loss of your account and part of the digital identity related to the loss of the although in younger people with videos like those of Instagram or TikTok. It's time to look for new approaches, to be more effective and above all to adapt to new technologies by knowing our way of learning. We begin this journey then in the ancient pronaos of the temple of Apollo at Delfos where it is inscribed "Know yourself" (gnothi seauton). A Greek aphorism as simple as effective tells us that knowing how the human being memorizes new information may hold the key. I invite the reader to go back for a moment to being students and carefully think that, if we want our employees, third parties and families (a very important part of this whole) to retain more information and be better prepared for security challenges, we must not forget to know how to be better. Several well-known studies indicate that of everything we listen to after 24 hours we will only retain 5%, of what we read we’ll only retain 10%, of the graphics we look at 20%. From what we hear 30%, if we discuss it with others 50%, if we practice and write it down, we’ll go up to 80% and if we show it to someone else we can reach 90-95%.... With this in mind, this 2022 I started a personal journey to find out which could be the best method that would combine all of the above and that would also allow me to reach that desired 90%-95% and I found it!
Becoming a facilitator and sharing awareness sessions. The results have allowed a greater communication of possible social engineering attacks widely known in addition to a significant improvement in the protection, including the family environment. Becoming a facilitator allows us to interact in a close, dynamic, bilateral and simple way, making knowing ourselves a new paradigm of effectiveness in security awareness.
  • 19. Isabel María GÓMEZ has long tested experience in security and information technologies, and in the course of her career has specialized in several areas related to security. Some of them are: Risk Management, Cybersecurity, Continuity and Resilience IT, Privacy, Compliance and Digital Transformation. She also has a widespread legal, regulatory, technical, and financial background that lets her manage and coordinate efficiently different legal and technical areas. Previously, Isabel has had various executive roles reporting directly to the CEO in information security in leading companies in their respective lines of business, such as Atento, SegurCaixa, Bankia, and Medtronic. Isabel María GÓMEZ, Spain
  • 20. by Aloysius CHEANG. CISOs - Defenders Of The Crown Jewels Of Your Business. Cybersecurity is not a new skill set. It is an important subset of overall enterprise and personal security. Security is both common sense, and a habit for successful individuals and organizations. For example, remembering to lock the doors and windows of your house when you sleep or are heading out. It’s common sense not to share your home keys with a stranger. Or for that matter, when you buy a new house, to change the locks for your own security. And not a cheap lock either. Today, people practice these security habits naturally. And in social behaviour most people are careful not to spread rumours, allegations or false information when interacting with others in business and personal settings. However, these security and common sense practices are not universally applied in cyberspace. In cyberspace people are much more unconscious of security and safety consequences. For example, to use an easy to remember password such as “1234567” or “password1”, that they write down on a Post-it note and leave out in the open for all to see. Or to share on Facebook, Instagram and other social media outlets outrageous photos or contestable opinions. It never occurs to many people that information such as birthday, mother’s maiden name, or their mobile number constitutes PII (personal identifiable information) that most banks routinely use to authenticate you over the phone. A definite security risk if this information falls into the wrong hands. While many people are unaware of the risks of such behaviour, many companies are unaware of the hidden cyber security risks inside their organization. The modern CISO understands these risks, yet until recently, the role of the CISO has been relegated to a subset of the technology function and rarely has cyber security been part of the business strategy or culture. Simply put, cybersecurity professionals are seen as outcasts by business line leaders, and even the technology and risk functions.
In most organizations, the role of head of cyber security has been filled with either former IT professionals, or former military security specialists. They are technical and security experts, but not business experts. They see their role as technical, whereas the real need is for cyber security to become an important business issue so that all employees feel accountable for company and personal cyber safety. For the modern CISO, security-by-design is a business issue and a key part of how to keep the company safe. However, when the CISO talks about security-by-design and other important business security issues, they are often seen as arrogant and condescending. They are also branded as the “Bad Guys” who must be the gatekeeper within the company, to oversee security checks for all IT projects. Which naturally means the cyber security function will never win a popularity contest and is often left out of important product development planning until the very end. For the CISO, as the defender of the crown jewels of the business, one significant breach is enough to warrant potential dismissal. In the language of soccer, you can go from hero to zero in just 1 min when cyber criminals manage to ‘score a goal against you’, while few give credit for the fact that your cyber team rebuffed multiple hack attempts for over 89 minutes. Cyber security is definitely undervalued.
  • 21. by Aloysius CHEANG >> But things are changing. Recently, due to the large increase in cyber attacks globally, cybersecurity is beginning to take centre stage. And it comes as a key part of the new era, the digital era. In the 4th industrial revolution, we are seeing people talking and accepting the notion of a “digital economy” and the need to undergo a digital transformation. This is so true under the Covid-19 pandemic where if organisations do not change the way they operate, they may not survive. Take for example shopping malls. Shopping malls are finding it hard to survive with restrictions on personal gatherings due to Covid-19. On the other hand, e-commerce or online malls such as Alibaba’s T-Mall or Amazon have a thriving business model! Not to mention the Deliveroos and Deliver Heros of the world that send food to your home as restaurants are either ordered to close to customers or operating at a capacity that is not revenue viable. As there is a quantum shift in business and individual behaviour towards online commerce, suddenly it dawned on many that there will also be security and privacy concerns online. For example, when using online commerce sites, making sure that personal and financial information are not shared, leaked or stolen. People expect their online experiences to be safe and secure. And this is helped by the cloud revolution, where for once it is very clear that IT today is already a utility, just like electricity and water. And just as you expect your electricity to be green and water to be potable, people have the expectation that cloud services are secure. True, it is still far from seeing the CISO taking over the CEO position in any traditional business. More recently however we are beginning to see a few CISOs as part of a company’s executive management team with a direct reporting line to the CEO.
Even more frequently we are seeing companies valuing and elevating cyber security and giving the CISO more access to business leaders. Some even appoint cybersecurity professionals onto their board to better address cyber risk issues. The implementation of GDPR in Europe and the appointment of a Data Protection Officer (DPO) has driven the recruitment of professional CISOs to support efforts to build security controls into privacy policies and internal controls. However, to be effective the modern CISO must be able to communicate to the Board and senior management in business language. To speak the business language that everyone can understand, and not in terms of their firewall rules or security penetration testing lingo. The crux is to build trust with business and the board. We are in a new era today where cybercrime is exploding. The modern CISO must become not only the “cyber sheriff” bringing law and order into the company’s cyberspace, but also be an “Ambassador of Cyber Safety” through an understanding and development of the internal cyber security digital eco-system. The modern CISO is the architect of an open and transparent communication and collaboration model that protects the company, customers and employees. “That new world order is now, and cybersecurity is moving from the back-room to the frontline and the boardroom. Will business leaders grasp this opportunity and make the best out of it?”
  • 22. Aloysius Cheang, Huawei, UAE. Aloysius Cheang is the Chief Security Officer of Huawei UAE responsible for driving the company’s cybersecurity vision of building a safe and secure intelligent connected digital world in the UAE and Islamic nations globally. He is also a Board Director for US-based (ISC)2, as well as UK-based cyber leadership think tank, the Centre for Strategic Cyberspace + International Studies (CSCIS). In his career spanning over 20 years, Aloysius has extensive experience in delivering strategic, complex, multi-year and multi-million-dollar technology and cyber program for Global 500 organizations while managing large international, multi-cultural, multi-disciplinary team in his various assignments globally.
  • 23. by Lydie NGO NOGOL. The Era of CISOs. In today's digital age, cybersecurity is no longer a luxury, it’s a necessity. The Chief Information Security Officer has therefore become an important role in any organization that wishes to better manage security risks. Having a good CISO is vital to effectively succeed in cybersecurity. However, a good CISO doesn't need to play a hero or be one! Good leadership is what's most needed in cybersecurity. A CISO ought to embrace his role as a business and risk management leader rather than a cybersecurity guru. Their aim should be to build a well-integrated security governance that supports critical business decisions. As a leader, a good CISO should also be able to build, inspire values and develop a strong team of cybersecurity warriors with core knowledge and principles. Culture change is the backbone of the vision that a Cyber Security leader should bear by determining how it should be introduced, driven and by whom. In so doing, the CISO should develop and maintain critical relationships with all stakeholders and communicate at both senior and operational levels. The challenge here is to understand the diversity and differences in key stakeholders' skill sets and abilities, and to adopt a language that they can all understand. Coupled with this, the chief strategy of the CISO should be centred around resilience. For example, while conversing with the CFO, the CISO should translate cybersecurity problems into risk issues and draw a direct link to the cost impact that these can have in the organisation. The same problems can also be presented as elements or events that can slow down the productivity and growth in a digital organisation. Being able to find the proper message to each type of stakeholder requires knowing your organisation, your people, what motivates them, and how you can help them to achieve their objectives.
Therefore, the CISO should succeed in making sure that security effectively becomes everyone's responsibility in the organisation. Consequently, it becomes clear that the idea of a CISO being a security guard who blocks everything and slows down business is obsolete. In my opinion, in a world where we are gradually dependent on technology, where systems are easily hacked and yet people need a seamless work experience, a world where cybercriminals are constantly shifting and improving their strategy, the CISO should be viewed as a leader that enables business to run safely, timely, and productively.
  • 24. Lydie Ngo Nogol is currently the Chief Information Security Officer (CISO) for PwC Sub-Saharan Francophone Africa covering 10 countries. She is passionate about the topic of Cybersecurity and focuses her leadership on culture change to bring more awareness around the benefits that good practice in this area brings to organisations. She achieves this through an effective communication strategy that simplifies complex issues to bring clarity and understanding about what Cybersecurity is and how to tackle it best. Lydie is also a hands-on leader with the ability to promote and drive her teams to operational excellence. Lydie was featured in the CISO Directory 2022 book, a guide to Africa’s leading cybersecurity decision making by ITWeb organisation. One of her strongest aspirations is to pave a way that demystifies the perceived barriers around becoming a CISO to encourage more young girls to follow in her footsteps and embrace this fascinating and rewarding field of work. Lydie NGO NOGOL, PwC, Cameroon
  • 25. by Ludovic Lecomte. Cybersecurity in the SaaS Industry. With the rise of the Software as a Service (SaaS) business model and the explosion of data externalization, companies have increased their exposure to data leak. By making an investment in a "Security by design" project, SaaS companies can stay one step ahead of the competition, prevent the impacts of a cyberattack for their customers, and save money by not having to fix vulnerabilities later in production. All SaaS companies should demonstrate that cybersecurity is a key component of their development processes and that they are taking aggressive steps to integrate security into their everyday operations. "Security is all about Trust." Placing cybersecurity at the center of a SaaS product delivers a confidence boost for customers who adopt it and establishes trust in the software and its capabilities to protect the data. There are famous certifications like SOCII or ISO27001 that go a long way in providing customers with evidence that best practices are applied and audited, but compliance is not enough. We need to continuously improve security by renewing risk assessments, tracking new threats and monitoring security solutions. "We know the incident will happen, we just don’t know when." Security by Design is a concept that pushes SaaS companies to build their software and hosting platform around a secure foundational principle. It is a proactive approach that aims to avoid and limit the impact of a successful cyberattack. This approach also means minimizing the cyberthreats exposition surface by identifying risks scenarios and implementing organizational or technical security controls.
To do so, my strategy at Inova was to follow these steps: • Conduct a cyberthreat modelling exercise. • Formalize and share a Secure Software Development Lifecycle Policy. • Train Security Champions who are the eyes of the security at all steps of the DevOps process. • Finally, integrate security tools into the DevOps pipeline to automate vulnerability and cyberthreat detection. "Do remember to protect your Forgery!" Unfortunately, a lot of SaaS companies are forgetting to protect their business. From my experience, being too focused on protecting the product is a mistake, because some threats directly target your development framework or environment. That's why it is important, in addition to training people on cybersecurity, to evaluate risks on the internal Information System of the company. The latest cybersecurity news confirms this. SaaS companies are being directly attacked from their internal Information System through social engineering or malicious code directly injected in the development framework. Finally, cybersecurity is more about people. Organization and trainings are the best investments a SaaS company can make to begin its security by design project. Particularly when it is not that complicated to find magic tools that automate security scans and provide alerts on vulnerabilities. At the end of the day, you still need people able to react quickly. Therefore… can we say/think that Cybersecurity is an infinite human loop?
  • 26. Ludovic Lecomte began his role as CISO at Inova in February 2022. After spending 10 years in Cybersecurity consulting and audit roles, Ludovic built a certified Information Security Management System from scratch for Inova. Ludovic leveraged his communication skills, risk engineering and passion for new technologies to take cybersecurity to the next level. In addition to adopting a rigorous risk-based approach to cybersecurity, he is committed to building a digital trust space for both customers and internal users. Ludovic is always ready to share his expertise with the broader CISO community and with students training to be future Cybersecurity engineers at a French university. Ludovic Lecomte, Inova, France
  • 27. by Christiane Wuillamie OBE, FIRL. Why Is Cyber Security So Difficult? Cybercrime is a significant business risk, and every industry is under relentless attack from cybercriminal gangs and nation state cyber armies. Yet Boards and the CISO are struggling to build cyber secure organizations. All Boards are concerned about potential cyberattacks, and CISOs work hard to provide adequate technology solutions and cyber risk oversight. So why is effective cyber security so difficult? We believe there are two fundamental issues that undermine an effective cyber security posture. The first is the erroneous belief that cyber security is mainly a technology issue. Cyber security is really a business issue that can damage their business performance, market value and brand reputation. A large majority of successful cyber breaches involve human error, and weak business processes are easily exploitable by cyber criminals. Effective cyber security is a combination of aware and well-trained employees, effective end-to-end work processes, and up to date technology applications. The second issue that undermines cyber security is that most companies operate in functional silos, focusing most of their time and resources on functional business objectives and not overall enterprise issues. Few business leaders understand their function’s contribution to Cyber Resilience and overly rely on technology and the CISO for protection. One of the reasons cyber criminals are so successful is that they go after the weakest links, which are often people and processes in non-technical functions. Taking an Enterprise View: A company’s cyber security posture impacts business results, positively or negatively. Building a strong cyber security culture requires every function to be aligned and joined up and for the Board to take an enterprise view of cyber security.
When the Board adopts an enterprise view of cyber security as a business risk, they begin to demand oversight in all three areas – people, processes, and technology. In addition, when the CISO steps out of a purely technology role and into the role of Enterprise Cyber Security Officer, it is possible to engage all business functions on mitigating cyber related business risks. The Board can improve cyber security by mandating that all functions have the shared objective of cyber security and use internal company data to measure how each function is strengthening their cyber security posture. An enterprise-wide cyber security posture is an effective weapon against the growing tsunami of cyber-attacks. The modern CISO must step up and step in to educate and partner with the Board and business leaders for better cyber security oversight and risk mitigation strategies.
  • 28. Christiane Wuillamie OBE, UK. Christiane Wuillamie OBE has done every job in Technology from coding, to being CIO in Financial Services. She built and operationalised a strong, high-performance culture in every role. Christiane leverages technology to solve business challenges through developing people and implementing joined-up processes that deliver competitive advantage. In the fast-changing cyber world, Christiane believes that only a strong culture of collaboration, transparency and responsible leadership can deliver safety and security for all. Christiane is the co-founder of a technology firm, PYXIS Culture Technologies that is quantifying the linkage between corporate culture, leadership and business results and helping senior leaders understand how culture impacts cyber security.
  • 29. by Emilio IASIELLO CISOs Need Strategic Thinking to Be Effective 29 Top Cyber News MAGAZINE - October 2022 - All Rights Reserved The Chief Information Security Officer, or CISO, is fast-becoming one of the more difficult C- Suite positions to fill. The CISO role has been plagued with turnover, the average tenure lasting anywhere from 18 to 26 months. This doesn’t come as a surprise as the CISO is inundated with an array of challenges that include a nonstop barrage of diverse cyber threats seeking to exploit the enterprise he watches over, internal competition to secure budgetary resources to aid in his defense efforts, lack of authority to instil necessary change, and convincing the larger C-Suite as to why certain security measures are needed regardless of their cost. Indeed, in many ways, the modern-day CISO is the cybersecurity equivalent of Sisyphus struggling to protect the network enterprise only to see another incident set him back on progress. Therefore, it is unsurprising that CISOs suffer from an incredible amount of stress due to their critical role of minimizing their organizations’ cyber risks. Hiring talent, researching new industry updates and trends, tracking security metrics, developing policies and plans, and managing information systems are overwhelming responsibilities that can take its toll. A 2020 CISO study found that 88% of those surveyed were tremendously stressed, a minor decrease from the 91% reporting that same affliction in 2019. Most of these individuals believed that they and their teams were expected to work longer hours than any other department in their respective organizations. Findings revealed that the consequences of working considerable amounts of overtime, poor work-life balances, and 24x7 security concerns contributed significantly to their poor physical, mental, and emotional well-being. 
Due to their multifaceted security responsibilities, there is a tendency for CISOs to try to do everything at once, as the dynamic cyber threat landscape brings change at a pace faster than most organizations can address. This unique set of challenges makes the CISO role part security expert, part security prognosticator, requiring the individual to find balance in managing today’s risks with an eye toward the future. With these seemingly contradictory goals in mind, strategic thinking may be the best asset for CISOs in today’s environment, as it is essential for planning, resourcing, and creating new ideas that spur new opportunities. However, in order to accomplish these goals, the CISO must work with the budgetary, personnel, and material resources at hand to build the organization’s cyber resilience. This is where strategic thinking becomes paramount, because it helps the CISO implement security operations with the “doing more with less” philosophy many organizations must adopt.
By embracing strategic thinking, CISOs will lay the cornerstone of their organization’s cybersecurity posture through preparation. This is essential in helping the CISO organize and prioritize the myriad of security needs that must be addressed. Whether it’s the threat landscape or changes within the organization, the CISO’s greatest strength is the ability to anticipate and adapt to evolving conditions. This requires knowledge and understanding of existing and emerging threats, as well as the direction the organization is going. CISOs want to have advanced warning to be proactive and not be caught reacting to situations. Strategic thinking will empower the CISO to interpret challenges in ways that provide insightful solutions to them.
  • 30. By being able to interpret challenges, creative thinkers will search out multiple and, where possible, unique data sources to digest and synthesize, and better inform their decision-making calculus. Finding unorthodox but tenable solutions is the result of an inquisitive but open mind and a willingness to learn. All of these feed into a comprehensive strategic thinking process. By implementing strategic thinking, the CISO is better able to align these solutions with the challenges in his or her portfolio. Having solutions that do not fit into the organization’s needs when the organization needs them is poor preparation. Solutions must align to not only the problems but also the prioritized requirements. This is why CISOs must be in constant communication with the rest of the C-Suite, ensuring that the work is in concert with other stakeholders and consistent with the vision held by the other chief executives. Getting buy-in and making sure initiatives are in line with the C-Suite will help garner budgetary and professional support, and by extension, commitment from the top brass.
The effective CISO will balance strategy with execution and ensure that any initiatives coincide with other projects that may overlap or at least intersect with them, because the bottom line is that CISOs must marry what the organization needs with what a CISO can give. This demonstrates leadership, responsiveness to key needs, and the ability to deliver, all hallmarks of a successful plan for a focused and resilient cybersecurity program. Quick wins pave the road for larger gains, and while not everything goes to plan, having a pre-planned roadmap will help CISOs navigate unexpected obstacles and recalibrate without suffering substantial setbacks.
Emilio IASIELLO, USA. 20+ years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.
  • 31. Hard As Nails Battle-Hardened Soldiers: The CISOs, by Craig Ford
You would have to be crazy to want this job?
What is a CISO? Leader of your organization's cyber security team. A CISO is someone who can stand in a pot of boiling water, juggling fire sticks, dodging attacks from known and unknown opponents, from all different directions, while still negotiating budget reversals to claw back funds that were previously taken off the team because many organizations still don’t see a huge return on investment from investing in security. CISOs don’t all look the same: some wear suits, some wear jeans and polo shirts, some are boys and some are girls, but essentially speaking, deep down they are hard as nails, battle-hardened soldiers of the cyber security fight that many don’t even know exists. I know I am being dramatic, I’m using a bit of Hollywood flair here, but you must understand the strength and perseverance of these leaders who do a job every day that is hard. I mean really hard.
The average career tenure for a CISO is seven years. Yes, that’s right, 7 years. Let us think about this for a moment: you have worked hard for 20 years in the trenches, really fighting your way through the garbage, and you have spent $50K or more on qualifications so that you can have your seat at the table, to then be lucky if you can survive in that job, the coveted CISO position, for maybe 5-7 years before you burn out or just say screw it, I’m out. That’s a huge issue. We need to support these heroes more, and help them do what they need to do. Stop cutting budgets because you can’t see the return on investment; the reason you are not seeing a return on your investment is that the team is doing what they are supposed to be doing, protecting your organization, sheltering you through the storm.
The more you cut from the team, the more corners that will be cut in your security, and the more chances of you and your organization being on the morning news and not in a good way. So, stand tall as CISOs, let's walk through the burning coals together and let’s start to beat back that avalanche of attacks. Let’s start to turn the tide of this cyber war on the malicious actors, and show them that we will not fold under the pressure. Make smart choices, invest our time and money into problems we can solve, don’t waste precious resources on flashy new blinky lights, get the basics right and we can all celebrate at the end of our seven-year reigns. We have survived with minimal scares. We got this.
  • 32. Craig Ford is a wizard of the dark arts, a conjurer of the cyber world, he delves into ethical hacking, security engineering and user awareness. He is not one of those hackers who hides in the dark, hunched over his keyboard wearing gloves just doing his thing. No, Craig stands tall in the light, no hoodies here (Unless it's really cold then he might just buckle on that stance). He is a wielder of words, with works talking about all things cyber for Top Cyber News Magazine, CSO Online, Women in Security magazine, AISA Cyber Australia and Cyber Today magazines and so many more we don’t have the space to mention. He has written some books (A Hacker I Am Series) that will pull you down the cyber security rabbit hole and leave you wanting so much more. He has a new hacker novel, Foresight (Shadow and Vulcan to follow in 2023). Unlike many hackers, he isn’t too hard to find, look him up, and you will not need to search long. When you do find him, you can find all the usual acronyms and whatnot. He is a defender of cyberspace, here to stand with you on the war that is coming between good (your friendly neighbourhood hacker, cyber professionals and whatnot) and evil (Malicious actors, cyber thugs, criminals). What side are you on? Craig Ford, Australia
  • 33. Insights and great moments from the Inaugural Global Cybersecurity Conference 2022 in Zurich, Switzerland
  • 35. CISOs’ Emotional Intelligence in Remote Working Era, by Dr. Vivian Lyon, DIT, MBA, CRISC, CISM, CISA, CEH, PMP, CCSK, ITILv4
Applying emotional intelligence to the remote working environment increases employee success, retention, satisfaction, and productivity. Emotional intelligence from a CISO's lens might positively and significantly impact the remote working experience.
What is Emotional Intelligence? From a cyber, technology, and business leader standpoint, emotional intelligence is the ability to discern your own and others' emotions precisely; to understand the cues that emotions convey about relationships; and to manage your own and others' emotions. CISOs should measure four distinct areas of competency related to emotional intelligence: self-awareness, self-management, social awareness, and relationship management.
Emotional self-awareness is the ability to notice and label one's feelings, emotions, or reactions and connect them to the source of the emotions, feelings, or reactions. Identifying, understanding, and assessing how one's emotions, feelings, or reactions impact oneself and others is a valuable insight that can improve relationships and experiences. CISOs that have strong self-awareness know what, when, and why they feel the way they do and how their emotions impact what they say and do. CISOs struggling with self-awareness may have difficulty understanding their emotions, get upset quickly or easily, and have a hard time with work-life balance. Emotional self-awareness development strategies that CISOs may adopt include: taking an emotional intelligence assessment to gather a baseline, regularly checking how you are feeling and why, making time for self-reflection, practicing healthy self-talk, and seeking and acting upon feedback.
Behavioral self-management is the ability to control one's emotions.
CISOs with solid self-management skills show level-headedness, positivity, and focus when faced with hostility or conflict. CISOs struggling with self-management may react impulsively, be defensive, be quick to judge, and inadequately resolve problems. Self-management development strategies that CISOs may adopt include: keeping a journal that identifies emotions and triggers and may be used to craft composure, focus, and productive situational plans.
Social awareness, also known as the awareness of others' emotions and feelings, is the ability to sense what others are feeling (empathy), sense and understand their perspectives within the scope of the situation or organization (organizational awareness), and anticipate their needs (service orientation). CISOs could take an active interest in learning and understanding how others feel or their thoughts about a particular situation. CISOs with strong social awareness demonstrate active listening and observing what is felt, i.e., empathy to illustrate understanding of others' feelings and perspectives, and working to reach a resolution based on specific needs. CISOs that struggle with social awareness may experience difficulty understanding the needs of others, being selective instead of actively listening, acting without thinking about others' feelings or perspectives, having challenges sensing what others may be feeling, and may be uncaring. Social awareness development strategies that CISOs may adopt include: practicing empathy, active listening, and communicating with others to develop situational, organizational, and service orientation awareness.
  • 36. Relationship management refers to the ability to combine self and social awareness into conductive and rewarding outcomes. CISOs with solid relationship management demonstrate the ability to sense the development needs of others, inspire others, positively influence others, mitigate conflict, and build teams by working with others toward a shared goal. Communication is at the heart of relationship management, as is the ability to listen deeply and openly, including sending clear, credible, and convincing messages that provide context, understanding, and direction. CISOs with solid relationship management skills may demonstrate context-driven communications within the scope of how individuals may perceive or react, actively listen, promote transparent communication, be open to feedback or different perspectives without becoming defensive, and communicate in a logical, organized, and straightforward manner. CISOs that struggle with relationship management may be unable to listen, interrupt, fail to ask for other opinions or not be open to feedback, lack consideration of others, be inconsiderate of different perspectives or feelings, communicate impulsively, and be unapproachable. Relationship management development strategies that CISOs may adopt include: reflecting upon coaching, influencing, persuading, inspirational leadership, and conflict management practices that may help to develop trust and improve communications, relationships (individuals, teams, etc.), and performance.
Where does emotional intelligence appear in the remote working environment? In a nutshell, everywhere. Remote workers experience emotions from interacting with colleagues, clients, and managers in the remote work environment. The emotional reactions to the interactions impact attitudes, behaviors, and experiences.
  • 37. These three critical needs, autonomy, competence, and relatedness, are crucial in how CISOs lead toward an optimal emotional intelligence experience in the remote working environment. Neuroscience research reveals that if we humans start, persist, and put in the mental effort on anything, including working, the brain will change and adapt regardless of whether the human “likes” the working environment or not. Compare the effort of the remote working environment for the brain to exercise for the body. Some humans may not like working out 30 minutes a day, yet if they start, persist, and put in the effort, their muscles and health will improve and change immediately. CISOs and remote workers can adapt to the remote working environment while promoting optimal emotional intelligence. CISOs can help motivate remote workers and develop in-depth emotional skills through their experiences. CISOs must promote value, self-efficacy, and attribution and avoid negative emotional states.
Valuing - If workers value the remote working experience or identify their "why," they are far more likely to start, persist, and put in the mental effort. CISOs must engage remote workers in considering "what's in it for them"; identifying what they value will increase their persistence and, ultimately, their competence and productivity.
Self-efficacy - This element relates to the need for competence. If remote workers believe they cannot accomplish something, regardless of their value, they may not start, persist, or put in the mental effort. CISOs must emphasize that they can achieve their tasks in a timely manner through good-natured and emotionally intelligent support.
  • 38. Dr. Vivian Lyon, USA. Dr. Vivian Lyon is a highly experienced, passionate Cybersecurity, Technology, and Cloud leader. She is currently the CIO & CISO of Plaza Dynamics and a Cybersecurity and Computer Science Professor. Dr. Lyon holds a Doctor of Information Technology (DIT) degree with a concentration in Cybersecurity, Master of Business Administration (MBA), Certified in Risk and Information Systems Control™ (CRISC®), Certified Information Security Manager® (CISM®), Certified Information Systems Auditor® (CISA®), Certified Ethical Hacker (CEH), Certified Cloud Security Knowledge® (CCSK), CompTIA Security+, ITILv4® (ITILv4), Certified Identity Governance Expert (CIGE®), Certified Metaverse Security Consultant (CMSC®), NFT Certification, Project Management Professional (PMP®), PMI Agile Certified Practitioner (PMP-ACP®), Certified Scrum Master (CSM®), Certified Scrum Product Owner (CSPO®), Certified DevOps Generalist™, AWS Certified Solutions Architect Associate (AWS CSAA), AWS Certified Cloud Practitioner (AWS CCP), and more. Dr. Lyon mentors girls and women in STEM fields. She is an active member of Forbes Technology Council, Women in Technology (WIT), Executive Women's Forum (EWF), National Society of Leadership & Success (NSLS), Cybersecurity Advisory Boards, RSA Fellow, and more.
  • 39. TOP CYBER NEWS MAGAZINE: About people, by people, for people. An award-winning digital magazine. Human Centered Communication of Technology, Innovation, and Cybersecurity. Editor-In-Chief: Ludmila Morozova-Buss, Doctoral Student at Capitol Technology University.
  • 40. «Thank you for making us all a true global Cyber Community! Our Cyber Community, as exemplified in Top Cyber News MAGAZINE is the ENVY of all other industries! We celebrate each other, and do so across continents and language barriers. Today we celebrate Top Cyber News MAGAZINE, Ludmila Morozova-Buss!» Dr. Diane M Janosek, JD, CISSP, LPEC, Deputy Director of Compliance at National Security Agency, USA
«Ludmila Morozova-Buss - you are one of the best cyber integrators - how magically you have weaved the fabric of wonderful cyber warriors all across the globe 🌎. Your work will find a place in our Cyber history for generations to come.» Prabir SAHA, Founder & CEO at Transformationplus Pty Limited, Australia
«Top Cyber News MAGAZINE continues to highlight those leaders of cybersecurity that others may not know and at the same time inspiring many others to become our future leaders in a cyber career that is so desperately in need of additional employees» Dr. Bradford SIMS, FRAeS, President at Capitol Technology University, USA
«For a while I have been working with Top Cyber News MAGAZINE, a sharp editorial team that managed to build a community of cybersecurity professionals from various domains. Great work!» Margo KONIUSZEWSKI, President at The Bridge Foundation, Switzerland & Poland
«The Cyber Security professionals that the magazine celebrates are all of the Heroes whose Time + Talent + Treasure were brought to bear to bridge the divide between the future-history and today.» Stewart A SKOMRA, Principal, SocioTechonomic LLC, USA