Date: 2020-06-05

Among the webinars for this year’s Infosecurity Europe show was one on how to ‘do more with less’. It featured three CISOs (Deborah Haworth, at Penguin Random House, the publishers; Kirsten Davies, of Estee Lauder; and Kevin Fielder of Just Eat) and David Young, head of information security at Tesco Underwriting.

The webinar heard that it’s not so much how much you spend, but how effectively you spend it. You can spend a lot of money on tools, but do they actually solve the problem? They help you identify a problem. The panel stressed how infosec is about people, including the majority of people in a business who do not work in security. If those staff are not engaged, you have lost a large chunk of your defence.

You may carry out generic training on info-security once a year, but how much effect does that have, given that the chief executive and the staff answering the phones have very different information security requirements? Kevin Fielder spoke in terms of having to bring a ‘force multiplier’ from your team by engaging with non-security people in the wider business. A lot of security success for him, Kevin said, came from getting other teams to deliver things for him. For example, does, or can, your security team alone do patching of all company devices? Probably not; better that other teams do patching as part of their processes.

Another piece of advice was around how to negotiate budgets: speak the language that the board speaks, and get to know what the business strategy is, and any initiatives, so that infosecurity can support the board in achieving them, whether by cutting costs or increasing sales.

Infosecurity Europe ran this week as an online conference only; it is due to return to London Olympia from June 8 to 10, 2021.

