The Top-of-Mind Issues Chief Information Security Officers are Thinking About Right Now

This June 16th and 17th in Denver, Colorado, Executive Platforms is organizing the North American Information Security Summit, a focused follow-up to last year’s broader North American Technology Executive Summit that will devote its entire agenda to the challenges and opportunities that are most important to Chief Information Security Officers, Chief Risk Officers, Chief Data Officers, and other senior executives responsible for cybersecurity and maintaining secure IT operations in large organizations.

As you can imagine, a lot goes into putting together an event of this scale on this topic for such a senior audience. Above everything else, content is king. If we listen to our network and recruit and brief the right speaker faculty to address what really matters, we are 90% of the way towards building a successful summit even before anyone arrives onsite.

So what really matters to this audience? Here are a few of the biggest things we are hearing over and over again that we look forward to doing a deep dive into this June.

Determining What Matters Most

Perhaps the biggest challenge facing senior leadership working in Information Security today is deciding how best to spend their day-to-day. Over and over again we hear the refrain, “If everything is critical, then nothing is critical” and “If everything is crucial, then nothing is crucial.”

Underlying all of this is an uncomfortable truth: There is so much work to be done, and threats are evolving constantly, and being right everywhere else is not going to matter a hill of beans when something goes catastrophically wrong in one particular spot, but how can you identify that spot ahead of time?

It is not for us to suggest a one-size-fits-all approach, especially for a pain-point as sensitive as a never-ending-list of vulnerabilities and only so much time and resources to identify and mitigate them. Risk management, as ever, is going to be help triage what needs to be addressed in what order, and new technologies and tactics are being invented all the time to empower cybersecurity and IT professionals to do more with the same headcount, but those are very simple-sounding statements that do not wave away the very real threats that need to be addressed.

We look forward to hearing a number of case studies from industry leaders who feel they have something from their experience to share with their peers, and of course conversations with leading service- and solution-providers will also help us keep on top of this ever-evolving tug-of-war between offense and defense when it comes to data security.

Talent is at a Premium, and Cybersecurity Can Be a Tough Sell

Every event Executive Platforms organizes has a conversation about attracting, developing, and retaining the talent organizations need to succeed, but Information Security is in a more difficult position than most. There are not a lot of people who have all the skills necessary to excel at Cybersecurity, and those who do have that skillset are also great candidates for a lot of other positions in a lot of other industries, so how can CISOs make their organizations the employer of choice in a crowded and competitive market?

To add to that challenge, let us also remember that cybersecurity’s successes are almost never publicly known and celebrated, whereas its failures can make headlines around the world. There is a lot of pressure working in cybersecurity, and so burnout and turnover are very real problems even within the existing workforce. Once you have the team you need, how do you keep them engaged, happy, and productive?

Again, it isn’t for a blog post to offer a solution to ongoing challenges of this scale, but we are definitely looking forward to hearing how some of the best IT organizations in the world are winning their war for talent and holding onto the best people in a high-pressure and competitive field.

Generative AI is On Everyone’s Minds. Everyone’s.

Another hot topic you can find on almost every Executive Platforms event agenda this year is Generative AI. Just about everyone is trying to figure out how it is going to change the way they work, and probably no one is grappling with that to the extent senior IT professionals must.

Let us begin, for a start, by imagining how many well-intentioned department heads without a clear idea of how Generative AI works are now asking their organizations to incorporate these powerful new tools into their existing operations. Think how many systems are about to be disrupted, and spare a thought for the IT teams who are going to be implementing these changes, likely without additional resources to bring it online and fine-tune it as it evolves from a novelty to an everyday resource.

Now let’s remember the bad actors out there who are the reason CISOs, CROs, and CDOs lose sleep at night have also been handed a powerful new tool to seek out, explore, and test weaknesses in systems that are undergoing rapid change. Zero Trust Architecture is a robust strategy, but you can only imagine how hard someone is working right now to automate ways to get around verification protocols using AI. A Pandora’s Box has been opened, and it is the Cybersecurity professionals who are bracing themselves to see what flies out of it.

As a final note on this topic, Generative AI does offer IT professionals their own powerful new suite of capabilities and opportunities to automate boring, repetitive tasks, freeing them and their teams to do more productive work. Far from standing in the way of progress, the best in the business are going to be trying to leverage Generative AI in all sorts of creative ways to allow them to stay ahead of the curve and really transform the way they do business. We cannot wait to hear what some of the early adaptors have to share with their colleagues at NAISS24.

Compliance is Bringing Standardization but Also Bureaucracy to a Traditionally Freewheeling Culture

While no one is against what the SEC is trying to do, and everyone can see the value in finding unified approaches to eliminate gaps in how organizations defend themselves, Information Security as a profession and a calling has often attracted innovators and individuals who enjoy the freedom being experts at a complicated and demanding task offers. Documenting what they do for the purposes of third-party auditing is not something most young people imagine when they contemplate a career in cybersecurity. Meanwhile, how are the regulations being updated and enforced? In a world that seems to get more dangerous and disruptive by the day, what does staying ahead of the compliance curve look like in real terms?

There are people whose whole careers are being great at this where others struggle, and events like ours will give the best an opportunity to share what works for them with everyone else. We look forward to hearing how working with regulators is making everyone’s data safer, and what we can all do to further those conversations to build even better systems, processes, and outcomes in the future.

Digital Transformations are Creating Tsunamis of Data and Tidal Waves of New Users

An ever-present, low-burning background pressure that has existed throughout the careers of every speaker and delegate attending NAISS is that as we move further and further into the Information Age and the Fourth Industrial Revolution where the Internet of Things has machines talking to machines and everyone is connected at all times, the amount of data that needs protecting and the number of users looking to access that data will never stop growing —in some cases exponentially— and most organizations still think of their IT departments as the people who hook up the computers before a new hire starts with a dash of ‘who you call when the company wifi stops working’ thrown in on top.

Cybersecurity and Data Security work quietly in the background, and there are very few economies of scale available to them as their workload grows and grows. There is so much more data coming from so many more inputs that are also connected to so many more outputs than ever before, and there is no chance that will ever change in our lifetimes. The future is dedicated to giving IT professionals evermore work to do, and how can they ever hope to stay on top of what they are already doing, let along think ahead and build what their organizations are going to need in the future?

It can sound and feel overwhelming, and a huge part of the job of anyone in a C-Suite position working in this space is being able to keep your head in the day-to-day game while also having situational awareness of what is coming next, how to do more and better, securing the resources needed to get it all done not just now, but next year, and in the coming decade.

There is so much to talk about. We are excited to gather together some of the top minds working on these issues today this June in Denver. It is going to be something special!