It’s something we’ve been meaning to do for a very long time. Get the country’s top CISOs in a room, over a fabulous lunch and get them to share their pain together and learn from each other’s experiences. So last month at Gordon Ramsey’s private dining room at the Savoy we had 13 CISOs from many of the world’s largest companies seated around the most beautiful dining room table, with the most scrumptious food on earth – all being incredibly candid about how they see life through each other’s eyes and it wasn’t a pretty picture – these guys sure are the unsung hero!
The first of these lunches was kindly sponsored by Imperva and Amichai Shulman, their CTO, brilliantly set the scene explaining how Imperva sees the threat landscape today. Amichai spoke about APTs and said they are no longer about advanced persistent threats because because they certainly aren’t advanced, more a case of automatic and persistent, pushing continuously at every organisation no longer how big or small. Therefore, APTs should be renamed “automatic persistent threats”.
Most agreed that their roles have changed so it’s less about security and more about assessing risk and putting it in language that the board understands so that they get the funding for more investment. There are so many assets in a company that you could spend a lifetime prioritising them, but it is a certainty you’ll never protect everything 100%. Heading up security is now about working out what you can afford to protect and then making this area to prioritise – the rest just has to wait. What I found most interesting is that the CISOs agreed that a vast amount of data is dead after very few days, literally it loses its value after maybe a week to ten days then you just need to file it away safely or delete it.
It was very insightful listening to the CISOs share the same pain when it came to their end-users (and they sure do have a lot of pain) as it always comes down to the fact that if they were more clued in and aware of scams and the importance of protecting the data they work with, life would be a whole lot easier in the security department (or should that be the risk department!).
The most important take away from the lunch was that they really appreciated being together as they do mostly suffer from the same problems and it’s good to talk! By collectively sharing their problems and experiences, just maybe together as a close unit, they could come up with the solutions and answers to make their environments more secure. Phew! Am I pleased I’m the one that just has to organise these events as I wouldn’t want the CISOs responsibility.
Diane Ashfield, Senior Field & Channel Marketing Manager, EMEA at Imperva said of the lunch:
“Thank you to you and the team for making the CISO lunch such a success. I was very happy with the number and quality of guests. This was a job not just done, but a job done brilliantly. We were very happy with the number and quality of guests. The venue was great the food was fantastic and best of all there were interactive and relevant discussions which could lead to some excellent content that we can promote afterwards.
“The fact that we walked away with two major leads immediately following the event proves that this was event well worth investing in.”
Roll on November for our next CISO lunch club – can’t wait to hear what take away’s we’ll get from that one which is being sponsored by Voltage.
Attendees from the last CISO Lunch Club included –
CISO, NFU Mutual
Head of Information Security & Governance, www.bodog.co.uk
Vice President, Information Security, Monster Worldwide
CISO, Williams F1
Director, Global Security Office, Sapient
Director of Security, VocaLink
Chief Security Architect, Diageo
CEO, The Global Identity Foundation
CISO, Sab Miller
Executive Vice President BT Advise, BT
Head of Cyber Security and Response, HMRC
Director, Risk & ITCP Mgmt, GlaxoSmithKline
If you would be interested in sponsoring the CISO lunch club and have your CTO or team involved in presenting at the lunch then please contact on +44 (0) 207 1832 832, firstname.lastname@example.org or fill in the form below: