The Gathering Storm
THE CISO AS A TRANSFORMATIONAL LEADER
“If something cannot go on forever, it will stop.”
- Herbert Stein, economist
Who Are We
• Fred Ritch – Chief Operating Officer
• Passion for making the complex simple
• Career UX professional
• Built user experience functions in several large organizations (IBM, Cisco, Dell)
• Over 10 years experience in InfoSec
• Shelly Carlin – Chief Executive Officer
• C-Suite executive skilled at driving transformational change
• 30+ years in finance and human resources
• Former Chief HR Officer at Motorola
• CEO, American Health Policy Institute
What we’ll cover
• Current state – The Rise of InfoSec
• We’ve been here before – A cautionary tale
• The CISO of the Future – Developing a business mindset
• Preparing to Lead – What you can do now
The Rise of InfoSec
• Current InfoSec spending estimated at $100 billion, expected to double in the
next 10 years
• Explosion of products and solutions fueled by significant venture capital
investments
• InfoSec now one of the most important strategic challenges facing business
Back to the future? 2015 Ponemon Study
Do your organization’s senior leadership view cybersecurity as a necessary cost or a competitive advantage?
• Necessary cost: 75% today, 41% in the future (3 years from now)
• Competitive advantage: 25% today, 59% in the future (3 years from now)
Does senior leadership view cybersecurity as a strategic priority?
• Yes: 34% today, 54% in the future (3 years from now)
• No or unsure: 66% today, 46% in the future (3 years from now)
Does your organization’s security leader brief the board of directors on the cybersecurity strategy?
• Yes: 22% today, 66% in the future (3 years from now)
• No or unsure: 78% today, 34% in the future (3 years from now)
But…more money and greater visibility means
people will ask: Where’s the money going?
The CFO Wants to Know
• Finance professionals dislike “unmanaged” spend – especially when it’s growing
rapidly
• The CFO is accountable to the Board and shareholders – so he will intervene,
eventually…and try to measure something he probably doesn’t understand
“If something cannot go on forever, it will stop.”
- Herbert Stein, economist
Cost of Employer-Sponsored Health Care
[Chart: employer contributions and employee contributions, in billions of dollars, private employers, 1997 - 2016]
The current path is unsustainable
• Accelerating spending that is not measured – and managed – is
unsustainable
• Pressure from the finance organization, the Board and regulators will
result in the need to more clearly explain how money is being spent
• The good news…we are at the early stage of the cost curve; history
does not have to repeat
Information Security professionals can transform our
profession and create a sustainable foundation for the
future.
The CISO of the Future
A security professional with a business mindset and a collaborative approach to
protecting against the threat of cyber crime, who creates business value by:
• Aligning InfoSec investments to business priorities – recognizing all threats are
not created equal
• Measuring the effectiveness of InfoSec activities in financial terms
• Collaborating with the broader organization to lead an integrated response to the
cyber threat
What is a Business Mindset?
• When everything you do is intended to create competitive advantage for your
company
• There are two ways to create competitive advantage
• Increase revenue
• Reduce costs
Everything you do must lead to higher revenue or lower
costs – or why are you doing it?
How InfoSec Creates Strategic Advantage
• Assess and Quantify Risk
• Measure Financial Performance
• Collaborate Across the Organization
• Communicate Effectively
Assess and Quantify Risk
• The CISO of the future will be skilled at assessing risk in the context of business
strategies and quantifying it
• The fundamental job of InfoSec is to help management determine the level of
acceptable risk
• Since risk must be assessed across the organization, it must be measured in the
single common measure of business – dollars
Quantifying Risk
• Since every business decision is about allocating scarce resources, all decisions
must be stated in financial terms
• The FAIR model is one approach to quantifying risk
• Fundamental principles of FAIR
• Risk – the probability that a loss will happen and the magnitude ($) of that loss
• Measurement is not precision – it is the reduction of uncertainty
• Probability v. Possibility – a world of difference
• Forecasts are not predictions
Measure Financial Performance
• The CISO of the future will be charged with both fighting the war and getting
smarter in funding the war against cyber crime
• Instead of fighting budget battles, understand how resource allocation
decisions are made – it’s about risk v. return
• Invest in controls in a way that reflects the risk profile of your business
• Measure the operational and financial performance of your controls
How did your controls perform – financially?
• Measuring how well your controls (tools, processes) prevented or
identified an attack is only part of the story
• Senior executives measure performance relative to the cost of
delivering that performance
• Once you align your InfoSec spending to the company’s most
critical risks, you need to measure how well those controls
performed – taking into account the amount invested in them
Measuring InfoSec ROI
• Net Benefit (Cost) = COST of control failure offset by SAVINGS from control success
• RETURN on INVESTMENT = Net Benefit (Cost) ÷ INVESTMENT in the control
• COST of control failure = actual cost of any breaches experienced during the period, plus “noise” – the actual cost of investigating false positives generated by the control
• SAVINGS from control success = estimated average cost of a breach, multiplied by the probability that a breach will occur and result in financial loss
• INVESTMENT in the control = fixed cost of the control
Collaborate Across the Organization
• The CISO of the future will work across organizations and functions to lead an
integrated response to the strategic threat posed by cyber crime
• Collaboration means aligning across the organization with a common goal in
mind – maximizing the performance of the business
Collaboration is hard. It requires the ability to listen with
the intent to understand. And a commitment to a larger,
common goal.
Communicate Effectively
• The CISO of the future will effectively translate threats, risks and opportunities
into actionable information for executives and Boards of Directors
• Communicating effectively is the result of a business-oriented approach to
InfoSec
• Business-driven assessment and quantification of risk
• An integrated risk management plan with broad organizational support
• A disciplined method to measure both the operational and financial performance of the
company’s InfoSec investment
Key Takeaways
• Accelerated unmeasured spending is unsustainable
• We’ve been here before – healthcare
• InfoSec professionals are key to leading the transformation
Preparing to Lead
• It’s a choice – agree or not – but think about it
• What you can do
• Think differently about risk (FAIR is a good start)
• Go beyond budget battles and measure the financial performance of your
initiatives
• Understand your peers in business and finance; how can you contribute to their
success? How can they help you?
• Communicate with a business mindset
Thank You!
Shelly Carlin shelly.carlin@cambioanalytics.com
Fred Ritch fred.ritch@cambioanalytics.com

Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 

Recently uploaded (20)

AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

The Gathering Storm

  • 1. The Gathering Storm THE CISO AS A TRANSFORMATIONAL LEADER
  • 2. “If something cannot go on forever, it will stop.” - Herbert Stein, economist
  • 3. Who Are We • Fred Ritch – Chief Operating Officer • Passion for making the complex simple • Career UX professional • Built user experience functions in several large organizations (IBM, Cisco, Dell) • Over 10 years experience in InfoSec • Shelly Carlin – Chief Executive Officer • C-Suite executive skilled at driving transformational change • 30+ years in finance and human resources • Former Chief HR Officer at Motorola • CEO, American Health Policy Institute
  • 4. What we’ll cover • Current state – The Rise of InfoSec • We’ve been here before – A cautionary tale • The CISO of the Future – Developing a business mindset • Preparing to Lead – What you can do now
  • 5. The Rise of InfoSec • Current InfoSec spending estimated at $100 billion, expected to double in the next 10 years • Explosion of products and solutions fueled by significant venture capital investments • InfoSec now one of the most important strategic challenges facing business
  • 6. Back to the future? 2015 Ponemon Study • Do your organization’s senior leadership view cybersecurity as a necessary cost or a competitive advantage? Necessary cost: 75% today, 41% in the future (3 years from now); Competitive Advantage: 25% today, 59% in the future • Does senior leadership view cybersecurity as a strategic priority? Yes: 34% today, 54% in the future; No or Unsure: 66% today, 46% in the future • Does your organization’s security leader brief the board of directors on the cybersecurity strategy? Yes: 22% today, 66% in the future; No or Unsure: 78% today, 34% in the future
  • 7. But…more money and greater visibility means people will ask: Where’s the money going?
  • 8. The CFO Wants to Know • Finance professionals dislike “unmanaged” spend – especially when it’s growing rapidly • The CFO is accountable to the Board and shareholders – so he will intervene, eventually…and try to measure something he probably doesn’t understand “If something cannot go on forever, it will stop.” - Herbert Stein, economist
  • 9. Cost of Employer-Sponsored Health Care • Private employers, 1997 - 2016 [Chart: EMPLOYER Contributions and EMPLOYEE Contributions by year, in billions of dollars]
  • 10. The current path is unsustainable • Accelerating spending that is not measured – and managed – is unsustainable • Pressure from the finance organization, the Board and regulators will result in the need to more clearly explain how money is being spent • The good news…we are at the early stage of the cost curve; history does not have to repeat Information Security professionals can transform our profession and create a sustainable foundation for the future.
  • 11. The CISO of the Future A security professional with a business mindset and a collaborative approach to protecting against the threat of cyber crime, who creates business value by: • Aligning InfoSec investments to business priorities – recognizing all threats are not created equal • Measuring the effectiveness of InfoSec activities in financial terms • Collaborating with the broader organization to lead an integrated response to the cyber threat
  • 12. What is a Business Mindset? • When everything you do is intended to create competitive advantage for your company • There are two ways to create competitive advantage • Increase revenue • Reduce costs Everything you do must lead to higher revenue or lower costs – or why are you doing it?
  • 13. How InfoSec Creates Strategic Advantage • Assess and Quantify Risk • Measure Financial Performance • Collaborate Across the Organization • Communicate Effectively
  • 14. Assess and Quantify Risk • The CISO of the future will be skilled at assessing risk in the context of business strategies and quantifying it • The fundamental job of InfoSec is to help management determine the level of acceptable risk • Since risk must be assessed across the organization, it must be measured in the single common measure of business – dollars
  • 15. Quantifying Risk • Since every business decision is about allocating scarce resources, all decisions must be stated in financial terms • The FAIR model is one approach to quantifying risk • Fundamental principles of FAIR • Risk – the probability that a loss will happen and the magnitude ($) of that loss • Measurement is not precision – it is the reduction of uncertainty • Probability v. Possibility – a world of difference • Forecasts are not predictions
  • 16. Measure Financial Performance • The CISO of the future will be charged with both fighting the war and getting smarter in funding the war against cyber crime • Instead of fighting budget battles, understand how resource allocation decisions are made – it’s about risk v. return • Invest in controls in a way that reflects the risk profile of your business • Measure the operational and financial performance of your controls
  • 17. How did your controls perform – financially? • Measuring how well your controls (tools, processes) prevented or identified an attack is only part of the story • Senior executives measure performance relative to the cost of delivering that performance • Once you align your InfoSec spending to the company’s most critical risks, you need to measure how well those controls performed – taking into account the amount invested in them
  • 18. Measuring InfoSec ROI • RETURN on INVESTMENT = Net Benefit (Cost) / INVESTMENT in the control • Net Benefit (Cost) = COST of control failure offset by SAVINGS from control success
  • 19. Measuring InfoSec ROI • COST of control failure = Actual cost of any breaches experienced during the period plus “Noise” – actual cost of investigating false positives generated by the control
  • 20. Measuring InfoSec ROI • SAVINGS from control success = Estimated average cost of a breach multiplied by Probability that a breach will occur and result in financial loss
  • 21. Measuring InfoSec ROI • INVESTMENT in the control = Fixed cost of the control
  • 22. Measuring InfoSec ROI • RETURN on INVESTMENT = Net Benefit (Cost) / INVESTMENT in the control • Net Benefit (Cost) = COST of control failure offset by SAVINGS from control success
  • 23. Collaborate Across the Organization • The CISO of the future will work across organizations and functions to lead an integrated response to the strategic threat posed by cyber crime • Collaboration means aligning across the organization with a common goal in mind – maximizing the performance of the business Collaboration is hard. It requires the ability to listen with the intent to understand. And a commitment to a larger, common goal.
  • 24. Communicate Effectively • The CISO of the future will effectively translate threats, risks and opportunities into actionable information for executives and Boards of Directors • Communicating effectively is the result of a business-oriented approach to InfoSec • Business-driven assessment and quantification of risk • An integrated risk management plan with broad organizational support • A disciplined method to measure both the operational and financial performance of the company’s InfoSec investment
  • 25. Key Takeaways • Accelerated unmeasured spending is unsustainable • We’ve been here before – healthcare • InfoSec professionals are key to leading the transformation
  • 26. Preparing to Lead • It’s a choice – agree or not – but think about it • What you can do • Think differently about risk (FAIR is a good start) • Go beyond budget battles and measure the financial performance of your initiatives • Understand your peers in business and finance; how can you contribute to their success? How can they help you? • Communicate with a business mindset
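
A worked version of the ROI calculation on slides 18-22, added here as an example (it is not code from the presenters or from Cambio Analytics). It reads "cost offset by savings" as savings minus cost and, following slide 15's point that forecasts are not predictions, also pushes analyst ranges for breach cost and probability through the formula; the triangular distributions, the names and every dollar figure are assumptions constructed for illustration.

```python
import random
from dataclasses import dataclass
from statistics import quantiles


@dataclass
class ControlPeriod:
    """One control over one reporting period (all figures are constructed)."""
    breach_costs: list          # actual cost of each breach experienced, $
    false_positive_cost: float  # "noise": cost of investigating false positives, $
    investment: float           # fixed cost of the control, $


def net_benefit(period, avg_breach_cost, breach_probability):
    """Savings from control success minus cost of control failure (slides 19-20)."""
    savings = avg_breach_cost * breach_probability
    failure = sum(period.breach_costs) + period.false_positive_cost
    return savings - failure


def roi(period, avg_breach_cost, breach_probability):
    """Net benefit (cost) divided by the investment in the control (slide 18)."""
    if period.investment <= 0:
        raise ValueError("investment must be positive")
    return net_benefit(period, avg_breach_cost, breach_probability) / period.investment


def roi_forecast(period, cost_range, prob_range, trials=20000, seed=1):
    """Propagate (low, most likely, high) estimates into a range of ROI outcomes.

    Triangular distributions are an assumption of this example, chosen because
    they need only three analyst estimates per input.
    """
    rng = random.Random(seed)
    samples = []
    for _ in range(trials):
        cost = rng.triangular(cost_range[0], cost_range[2], cost_range[1])
        prob = rng.triangular(prob_range[0], prob_range[2], prob_range[1])
        samples.append(roi(period, cost, prob))
    deciles = quantiles(samples, n=10)   # 9 cut points: 10%, 20%, ..., 90%
    return {
        "p10": deciles[0],
        "p50": deciles[4],
        "p90": deciles[8],
        "chance_of_net_cost": sum(s < 0 for s in samples) / trials,
    }


if __name__ == "__main__":
    # Constructed figures for a hypothetical e-mail filtering control.
    period = ControlPeriod(breach_costs=[40_000], false_positive_cost=25_000,
                           investment=150_000)
    print("point estimate ROI:", roi(period, 1_200_000, 0.30))
    print(roi_forecast(period, (400_000, 1_200_000, 3_000_000), (0.10, 0.30, 0.50)))
```

Reporting the 10th to 90th percentile band alongside the point estimate shows a CFO how much of the ROI figure rests on the breach-probability and breach-cost estimates rather than on measured costs.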

Editor's Notes

  1. I think we should state our problem statement right up front – Ted Talk style. Thanks for being here….our presentation is called the ’Gathering Storm’ because…
  2. Objective: Establish credibility, set the tone Fred’s Story Career UX professional – focus on the world of users Learned info sec from the “outside in”: Users POV first – then tech Started in 2006 – very ‘operational oriented’ – 12 years Have watched infosec grow and mature in many respects – but still struggling to pivot into a mature business practice Research has told us a change must come – and that’s what we are here to talk about. Shelly’s Story 35 year executive professional – transformational HR leader in C-suite BoD experience – brings business acumen POV Connected with Fred via infosec startup adventure – focus on ops Through that experience and exposure to the world of info sec – saw many parallels to other business functions Formed an opinion based in extensive experience about direction infosec is headed in terms of business impact - and that’s what we are here to talk about today. We met as part of another early stage startup and realized that while there are literally hundreds of companies dedicated to building tools to fight cyber crime, nobody was paying any attention to whether those tools were worth what was being spent on them. That led us to form our own venture, Cambio Analytics. At Cambio, we’re focused on one simple goal - helping companies measure the financial performance of their cyber security investment.
  3. What we are going to talk about today…. Now is a great time to be in InfoSec – lots of exciting opportunities and challenges to solve – we’ll level set on what we believe is the current state of InfoSec and what it means for moving forward. We’ve seen this trend before regarding increased spending and the impact and response it’s had on business – what can we learn from it We believe the InfoSec leader of the future is a leader with a business mindset – and that successful InfoSec programs will be led by those who can successfully translate the complexity of InfoSec into terms executive and BoD leadership values and understands; and who can lead a collaborative, integrated effort across the organization to manage risk at a level acceptable to the business. Now is a unique time and opportunity for InfoSec leaders to emerge – we offer some practical advice on how to get started.
  4. Gartner study Ponemon study Board views of Infosec