Curiosity, Sustainability, and Anti-Fragility: Shaping the Future of Cyber Security Across Sectors

Over the past month, the Chaleit team has explored a wealth of expert perspectives and thought leadership on some of the most pressing topics in cyber security.

From keeping up with regulatory frameworks to resilient security strategies, our interviews offered valuable insights and actionable advice to help you stay ahead of the industry's future.

Whether you're a seasoned professional or just starting your cyber security journey, there's something here to spark your curiosity. And we should be cultivating curiosity, Jacob Thampi believes.

Jacob Thampi on Cultivating Curiosity and Collaboration in Cyber Security

Organisations need more than the latest technology to stay ahead of threats. They must foster a curious, adaptable, and collaborative workforce, says Jacob Thampi, VP, Head of Cyber Security Consulting at QBE North America.

In a discussion with Chaleit’s CEO, Prof. Dan Haagman, Jacob made several thought-provoking points:

  • Being 100% risk-free is unattainable. The emphasis should be on minimising risks, not eliminating them completely.
  • Curiosity is critical because it allows people to go beyond the superficial and approach tasks with a mindset of understanding the underlying reasons behind them.
  • Cyber security leaders must step back, challenge established scripts and routines, and consider problems from different perspectives.
  • All companies would benefit from having a point person for cyber security-related inquiries.
  • Organisations need to adopt a proactive approach to cyber security centered around defence-in-depth, ongoing education, and adaptation to emerging threats.

Watch the interview for more insights on why organisations must empower individuals to ask questions, challenge assumptions, and work together.

Empowering individuals was also a theme in the next candid and eye-opening interview.

Jane Frankland on The Power of Partnership

With unprecedented challenges and rising burnout rates, leaders must create supportive environments to retain talent and mitigate risks, says Jane Frankland MBE, award-winning cyber security leader, influencer and coach.

In a conversation with Dan Haagman, Jane emphasised moving beyond transactional approaches, prioritising understanding, and celebrating win-win situations.

  • The traditional sales-oriented approach in cyber security isn't enough anymore. Building trust and genuinely understanding client needs is crucial.
  • Leaders must prioritise values and an approach of being purposeful instead of just compliant.
  • By recruiting based on values and creating a culture of shared victories, organisations can build strong, cohesive teams equipped to tackle cyber security challenges.
  • Creating a work environment that fosters growth is key to retaining top cyber security professionals.
  • Celebrating successes together is also important both within organisations and within business partnerships.

Read more on our blog about the mindset shifts needed for a resilient and productive cyber security future.

Tim Vincent on Compliance, Culture, and Humanity over Tech

Paradigms are shifting in cyber security, observes Tim Vincent, Director at Observer Solutions.

An optimist drawn to cyber security by its scope and challenges, Tim shared his revealing insights on the industry's current state with Chaleit's VP of Client Services, Roscoe Platt.

  • There is an increasing focus on “posture first” over simply checking compliance boxes and green-lighting audits.
  • While cyber security remains a continual “climb” with no final summit, many organisations have improved their defensive readiness compared to just a few years ago.
  • Organisations need sustained vigilance and efforts to stay ahead of threats because “every lock is pickable.”
  • Beyond technical measures, reducing risks is possible only by cultivating employee awareness and a proactive mindset.
  • Cyber security professionals should be proud of the positive steps that the industry at large is making.

Check out the entire article and let us know in the comments how you feel about the direction in which our industry is headed.

Mandy Andress on Building Resilient Security Strategies

Security is a team sport that requires leadership support, according to Mandy Andress, CISO at Elastic, Investor, and Board Member.

In a conversation with Dan Haagman, Mandy explored the shift from a purely technical mindset to a more holistic understanding of cyber security, emphasising the need for collaboration, continuous learning, and understanding human behaviour.

  • While technology can aid in defence, it's essential to work with human nature rather than trying to change it.
  • New technologies seem more exciting, but the consistent application of fundamentals prevents security incidents.
  • Instead of trying to control every aspect of security, organisations are embracing the idea of anti-fragility — building systems and processes that can not only withstand disruptions but also evolve and grow stronger.
  • A CISO may spend years struggling to acquire the resources needed to execute their security plans. This prolonged resistance or lack of resources can be frustrating, leading CISOs to seek roles where they feel more empowered and less burdened by justifying investments.

How does a CISO choose between stability and the allure of change? And why pursue a law degree while working full-time in security? Watch the entire interview to find out.

Jonathan Evans on DORA’s Key Requirements

The EU's Digital Operational Resilience Act (DORA) is set to boost the digital resilience of its financial sector. With the January 17, 2025, deadline fast approaching, financial institutions must hit critical compliance milestones.

Jonathan Evans, Founder of IT Security Locksmith, shed light on DORA’s key features and practical implications. A must-read for everyone in the industry:

  • DORA is designed to ensure the digital operational resilience of the EU financial system against various technological threats and vulnerabilities.
  • This extensive piece of legislation mandates thorough compliance measures beyond standard certifications.
  • The Act fundamentally reshapes operational risk management within financial services firms, focusing on robust governance and accountability at the highest levels.
  • Third-party service providers are expected to enhance operational resilience and align with DORA's requirements to continue supporting financial services.
  • DORA’s benefits include enhanced organisational resilience against shocks, improved risk awareness, and a more comprehensive approach to addressing emerging operational challenges in the digital age.

More insights on regulations and cooperation coming up.

Neira Jones on Regulation, Cooperation, and the Future of Payment Security

In the second part of her conversation with Dan Haagman, Neira Jones posed an intriguing question: Should we learn from cyber criminals?

They excel in cooperation and speed, areas where the security industry often falls short due to regulations and lack of collaboration.

Watch the conversation and read the main takeaways below:

  • Cyber security, information security, and fraud prevention teams rarely collaborate within organisations.
  • Sharing threat intelligence should be more common for the betterment of the security ecosystem as a whole.
  • Faced with the reluctance to cooperate and share important data that can help fight threats more efficiently, regulators should step in and require organisations to send reports.
  • Payment and financial institutions face a wide range of overlapping regulations, including some cyber security and data protection requirements.
  • Companies need a more holistic approach to cyber security, transcending the siloed nature of compliance-driven initiatives.

If you haven't already, check out Part 1 of the interview with Neira Jones.

From Military to Management: A Path to Cyber Security Leadership

Einat Segal, currently the Cyber Security Manager at iProov, sat down with Josh Fulford, Account Executive at Chaleit, and shared her fascinating career journey from the military to cyber security.

Her story offers valuable lessons for anyone seeking a career in this dynamic field.

  • Einat's journey into cyber security began during her military service, during which she gained valuable intelligence experience and established connections that would later prove invaluable.
  • One of the key lessons is the importance of having an apprenticeship mindset.
  • Einat's success stemmed from her openness to dive in, learn by doing, and continuously adapt to new challenges.
  • Her story underscores the importance of practical experience, continuous learning, and cultivating a well-rounded skillset.

Make sure to check out the whole account and follow Josh for Part 2 of the talk focused on the skills gap in cyber security.

Also, fresh from the press, Dan Haagman continues exploring whether organisations are truly validating and testing their SOC. Read his most recent newsletter to learn about the “grey areas” that allow attackers to bypass core security controls.

If you enjoyed our newsletter and want a monthly update on industry hot topics, hit the subscribe button. We’re keeping that much-needed curiosity alive and kicking.

Jane Frankland MBE

Cybersecurity Influencer | Advisor | Author | Speaker | LinkedIn Top Voice | Award-Winning Security Leader | Awards Judge | UN Women UK Delegate to the UN CSW | Recognised by Wiki & UNESCO

8 months

Such great conversations. Thank you for inviting me along. I can’t wait to listen to more, especially as Dan Haagman is such a natural and inquisitive host/interviewer.