Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

CISO Mindshare Is Influencing Tomorrow’s Platforms

We Need More CISOs To Speak Up

We Need More CISOs To Speak Up

On September 25th, I was privileged to offer opening remarks at the 5th Annual SecurityWeek CISO Forum, Presented by Intel.  My comments were brief, and while they are not groundbreaking, they do represent such important reminders for all of us that I thought I would share and expand on them in this format as well.  Here’s the gist: big, boring (not really) platform companies need CISOs – and CISOs need them to listen.  The decisions platform companies make have profound impacts on every single CISO on the planet.

To properly set this up, I need to admit something. That is, awareness of the existence of the CISO role, much less its influence on technology decisions, was not well known to many tech giants even five years ago.  Some business and technology leaders understood, but most did not.  The reason is pretty obvious if you put yourself in the shoes of platform companies – we are often (although not always) an ingredient supplier to end solutions.  Companies like this frequently do not deliver complete solutions, and so we often interact with companies that do – not the end customer.  As such, CISOs were often not in the obvious influence path for “ingredient” tech companies.  But as security outcomes became more in focus, and the role (and responsibility) Intel and other platform companies have in improving security outcomes became more clear, it became unambiguous to most that CISOs are critical for technology adoption.

SecurityWeek CISO Forum at Half Moon BayMany of us have now seen the light (broadly about five years ago).  Thankfully.  I can only speak for Intel, but we should all breathe a collective sigh of relief that CISOs are sought out and listened to in order to guide technology roadmaps.  Now Intel routinely engages with CISOs for input on our directions, receive checks our assumptions, and even ideate on innovations.  Not only do CISOs approve security technology roadmaps for the companies they represent, not only do they consume what we produce, but they also are on the front line of the war on cybercrime.  They have the absolute best sense for what has a hope of working.  It might be obvious to you, but it wasn’t to everyone at many tech giants not so long ago.

So began our journey of engaging with and seeking feedback from CISOs.  Honestly, though, it was and often remains difficult to gain mindshare to get and keep the attention of this group for the technologies that reside in the foundation of all computing. 

CISOs are busy people, fighting fires, making decisions, hearing about the latest innovations from the most groundbreaking start-ups.  So, making time to listen to platform companies is hard – especially if you think you’ve already said what you have to say, or if what you have to say seems obvious to you.  It must seem like taking the time to eat right or go to the doctor.  It’s much more exciting to speak to the latest AI or blockchain start-up, or the latest solution provider whose product claims to fix all that ails enterprise than it is to sit down and discuss patching strategy, hardware roots of trust or other “boring” topics from tech giants. I get it.

CISOs need to change their priorities here though – for all of our sake.  It’s every CISO’s responsibility to speak, to speak loud, to state the obvious, and repeat yourself if necessary.  That’s your responsibility.  It’s the responsibility of platform companies like Intel to listen and act as a result.  If we both commit, we both win.  If we get distracted, if we prioritize the latest shiny object, if CISOs don’t aggressively pursue providing their insights – we all suffer.  And I do mean all of us, like all consumers, all governments, all business.

The decisions platform companies make – especially hardware platform companies – have profound impacts on security outcomes.  Why?  Because, to state the obvious, platform companies provide the basis of downstream use cases and solutions.  Put another way – other companies build solutions that sit on top of our foundation.  And certain platform companies have immense market segment share.  If the foundation is strong, solutions built on top of it have a hope of being strong.  If the foundation is weak (defined in many ways), solutions built on top have little hope of being strong.

In closing: if your enterprise has the opportunity to engage with platform companies like Intel, Microsoft, or Cisco – do so.  Take the time.  Every time.  Whatever you tell us – keep telling us (saying something once is sometimes not enough).  While on the surface it may seem as though we move slow (not Intel!…other companies), while it may not be on topics that are the most exciting compared to the latest hot AI start-up (transistors can be exciting!), while it may seem at times like we do not listen (even though we do) – your time could not be better spent.  

Advertisement. Scroll to continue reading.

Thank you again to SecurityWeek for allowing Intel the opportunity to partner on the 2019 SecurityWeek CISO Forum.  Thank you to all the CISOs who committed to attending – and thank you in advance for your help in shaping the future of security platforms.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture