It was fitting that the opening keynote panel for SecureWorld Chicago on June 8th was titled "Making the Cybersecurity Music: Navigating Challenges and Opportunities in Today's InfoSec Landscape." That proved to be the theme permeating all the sessions throughout the day, as cybersecurity professionals from the Windy City region gathered to network, share, learn, and collaborate.
"Well, information security, cybersecurity happens to be a critical part of the business, being able to achieve strategic objectives. And so we think about different types of cybersecurity risk and how those risks or vulnerabilities or threat actors can actually impede that ability of an organization to meet those objectives," said Mary Faulkner, CISO at Thrivent, one of four panelists that took the stage to kick off the conference.
"Having that conversation to really show how our alignment against business objectives becomes a critical part of the conversation so that we can drive risk-based conversations when the business is, you know, making decisions that might be more risky, and were probably greater than the tolerance level that the business may be willing to take or even a board is willing to take.
"So bringing that conversation to the table is an important conversation. And that's how I think we need to show up differently as cybersecurity professionals and leaders to not only just our board of directors, but also our executive leadership team."
Faulkner was joined by Sarah Buerger, BISO, The Kraft Heinz Company; Mike Zachman, VP & CSO, Zebra Technologies; and Lynn Dohm, Executive Director, Women in CyberSecurity (WiCyS), who artfully moderated the panel discussion.
Zachman offered great advice for current cybersecurity leaders and those aspiring to move up the ranks, noting that the days of being promoted to CISO because of just the "bits and bytes" technical knowledge are gone. Having that technical knowledge is important, he says, but having business acumen is even more important.
"You have to know why you are doing the cyber stuff that you're doing, how it addresses the risks of the company, and how to translate your technical knowledge into information that the executives and the board care about and can understand," he said.
Buerger recently joined Kraft Heinz as its Business Information Security Officer after serving as CISO at a smaller company. She jokingly said she enjoys knowing that any issues that arise on the cybersecurity side of the house do not fall on her shoulders; and she said she enjoys working with Ricardo LaFosse, Kraft Heinz CISO, who joined a panel on cloud security later in the day.
She also noted that the issues that Faulkner faces in financial services are different from what she faces at a food manufacturer and distributor, which is different from what Zachman faces at a technology company—but the core issues around cybersecurity are all the same.
"It's just adjusting the risk element of the company you're in and knowing what is right, and that you can't be talking about technical stuff to the business people," Buerger said.
However, she did share that she explained, in somewhat technical terms, to someone at the business the "why" behind a particular issue causing potential risk for the company.
"She got back to me and thanked me for doing that," Buerger said. "It made her feel better, and she wanted to let me know having the 'why' behind the problem was very helpful."
The lunch keynote featured Bruce Coffing, who has been the CISO for the City of Chicago for four and a half years. Coffing talked about his career arc and shared what has worked for him to become a cybersecurity leader over his 20-plus-year career, including having a peer push him to take a leap from the private sector and apply for the job at the city nearly five years ago.
He explained that, in his view, only 5% of being a cybersecurity leader is rocket science, and another 5% is magic. The other 90%, Coffing says, "is herding cats," not in the negative connotation, but the part that requires rolling up your sleeves and getting to work. He then shared nuggets from his career that helped him manage that 90%.
"If you're not upsetting somebody, you're probably not trying hard enough," he said. "You're probably not pushing hard enough. People like to be in their comfort zones. Keep pushing, keep trying. You're going to ruffle a few feathers, but don't worry about that."
Other notable sessions throughout the day included:
- "The Future of Privacy and Cyber: AI, Quantum and Mind Readers," with panelists Monique Ferraro, Cyber Counsel, HSB Insurance; Karen Painter Randall, Partner and Chair, Cybersecurity Data Privacy and Incident Response, Connell Foley LLP; Violet Sullivan, VP of Client Engagement, Redpoint Cyber; and moderator Jordan Fischer, Partner, Constangy (who also taught a PLUS Course on June 7th on "Operationalizing Privacy Laws into Your Organization")
- "I Can See Clearly Now, the Threats Are Gone: Threat Intelligence: The State of InfoSec Today," featuring Tom Brennan, Executive Director, Americas Region, CREST
- "A Modern Security Strategy: Tips on Building Policies for Securing Data," featuring Madhu Dodda, Principal Product Manager, Lookout
- "Cyber World on Fire: A Look at Internet Security in Today's Age of Conflict," the closing keynote featuring Col. Cedric Leighton, CNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
SecureWorld has a full slate of regional in-person events and virtual conferences this fall. Before the spring season wraps up, the SecureWorld Eastern Virtual Conference takes place on Wednesday, June 14th. Register today, or catch it on-demand in the coming weeks.