2023 CISO Trends: Beyond Business, It's Personal
Shamane Tan
Chief Growth Officer, Sekuro | Best-Selling Author, TEDx & Global Keynote Speaker | LinkedIn Top Voice'24 | ARN Shining Star Multinational Winner | 40 under 40: Most Influential Asian-Australian
Last year, I did an infographic on my top 10 CISO flavours 2022, featuring key topics frequently discussed by cyber leaders. Continuing this tradition, I've consolidated an overview of the key areas CISOs focused on in 2023.
Many of you know me for my keynotes at conferences and participation in industry panels. In addition to these, I also conduct forums and roundtables with hundreds of CISOs and cyber leaders, as well as deliver board and executive awareness workshops.
This year, I have been seeing a broad spectrum of different business demands, new challenges within our evolving operational landscape, and at the same time, the remarkable adaptability and passion of our cyber defenders. A quote that I always share at my keynotes rings so true, "Our cyber security agenda should extend beyond organisational mandates; it's vital to understand the human dimension and recognise its individual impact. It's not business, it's personal."
With increasing awareness of burnout and well-being, it's crucial for our leaders to constantly prioritise and re-prioritise their goals.
Here are my top 8 CISO flavours for the year 2023, and in no particular order:
- the CISO as a strategic role,
- cyber security metrics and tying it back to the business,
- effective board-level communication and reporting,
- cyber security operations,
- supply chain risk management,
- cyber team dynamics,
- regulatory compliance and trends, and
- gen AI (no surprises there).
领英推è
Any other observations?
Interestingly, our cyber leaders have a great sense of humor, and they love Legos! Who would have thought my AI creation of a cyber Lego series would take off so well?
What trends have you noticed in your cyber journey this year? I'd love to hear your thoughts. Wishing everyone happy holidays!
About the Author
Shamane Tan?is the Chief Growth Officer at Sekuro, a leading global cyber resiliency company and the best-selling co-author of 'Cyber Mayday & the Day After'. Her new book has been recently featured in the Forbes special Summer coverage of "What business leaders are reading": 'Building a Cyber Resilient Business', a cyber handbook tailored for executives and boards consumption. She is also the author of 'Cyber Risk Leaders', one of her earlier works.
Shamane has worked with exciting start-ups all the way to global organisations extensively?in Australia and within the Asia-Pacific region. She advises the C-Suite on their business?security posture to the reality of the challenges they faced from regulatory issues and?cyber crime. She is also the founder of the Cyber Risk Meetup which is in six major cities across Australia, Singapore, Japan and Philippines. Her meetups offer security and risk professionals and enthusiasts a unique platform to impart?and exchange innovative insights.
Strategic Cyber Leader | MCybSecurity ECowan | vCISO | AIPIO | Cyber & CTF Coach | ASD Business Partner | Discoverer: Asteroid (551900) Laneways
1 年Love it Shamane, great summary. One that’s not there (not that I have seen a lot of them) but a lot of the regulators, the Minister and peak bodies are saying Tabletops and Exercises need to be done! While might have flown under the radar a bit this year ….. as I have been saying all week - PLENTY MORE IN 24!?????
Shamane Tan Thank you for sharing your great insights. In addition, the industry is also focusing on PQC (Post Quantum Cryptography) / QRE (Quantum Resistant Encryption). NIST will be standardizing some of these algorithms which will be released early 2024. (https://www.nist.gov/news-events/news/2023/08/nist-standardize-encryption-algorithms-can-resist-attack-quantum-computers) NIST have also released the NIST CSF (Cyber Security Framework) 2.0. NIST CSF was created on 2014 and was last updated in 2018. With the latest draft, it will include a new function (Govern) to the existing 5 functions ( Identify | Protect | Detect | Respond | Recover). GOVERN (GV): Establish and monitor the organization’s cybersecurity risk management strategy, expectations, and policy. The NIST CSF 2.0 is also expected to be released in 2024. (https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20) Thank you for your services and insights to the community. Looking forward to see all the great things you will bring us in 2024.