Four Key Elements of a Security Strategy

On this Episode of The New CISO, Steve Moore is joined by special guest Mark Ferguson, the CISO for a cyber security company Bombardier. They discuss roles of a CISO in cybersecurity and the strategies involved in dealing with breaches and building teams.  Moving to CanadaOriginally from Scotland but now residing in Montreal, Canada, Ferguson shares some background on where he has lived in the past and the process of moving to Canada. Ferguson expresses his excitement of experiencing Montreal when it becomes more open. He has been taking some French classes to become better acquainted with the language.  TravelFerguson has been able to travel often and live in many places for his job. Opportunities to relocate have been present multiple times throughout his career. Ferguson advises taking opportunities to relocate for a career. He has moved to the United States, to Poland, and now to Canada. He enjoys the experiences of new places. Moore discusses how relocation may be less common in companies based out of the United States. First CISO RoleFerguson reflects on the decision to become a CISO. He honestly admits that some days it can be exhausting and doubts can arise. There are good days and bad days in the role. At the end of the day, he knows he is capable of solving any problems that arise. The role brings a lot of diversity.  Getting to be a CISO/4 PillarsHow did you get to the point of being a CISO, Moore asks? Ferguson says he had a great mentor and was able to help identify his assets. Getting things done and strategic planning are important as well. The four main pillars of strategy are.  1). Educational awareness2). Strong Identity Management/Data Security3). Strong basics of IT management and maintenance4). Using agile technology Building a program & Facing ChallengesYou have to know what players you need to make things work. Building strong relationships is important and will assist with the aspect of vulnerability management. It can be a challenge to identify where problems lie and explaining the problems can be a challenge as well. Ferguson notes these are things he still actively is working on.  Moore notes that the CISO position can be nearly impossible at times. However, others pulling their weight in the company is essential. IT systems are extremely complex and joining everything to work as one can be difficult. This is, realistically, not a simple problem to solve.  Breaches with assets could be a big detriment to the company. Holding people accountable and working together is one way to avoid these breaches. Running audits is time consuming, but important to keep everything in check.  Best parts of the jobFerguson shares some of the best parts of his job. One of his favorite things is building great teams. Finding great people to work with is very rewarding. These people don’t have to be perfect, but finding what makes them an asset to the team is great. Inevitably, these team members will come and go, but developing great teams is one of the best parts of the CISO role, says Ferguson.  Breach Response PlanOne of the first lessons to learn is that a cyber breach is not a cyber security problem. Ferguson mentioned that they recently faced a breach, and there is a lot to learn from the situation. This occurred at a critical time. They assumed the breach would be coming from the bottom up, however it was at a...