What I got from Gartner SRM Summit this year
QR Code obscured to prevent messages / posts about how I exposed my PII and favourite icecream.

[This is a personal post and does not reflect the opinion of my employer]

Last week, I attended the Gartner Security & Risk Summit in Sydney over June 21 and 22. There have been a number of posts that home in on content; for me, I'd like to mostly describe the high-level benefits I felt from attending this year.

Like many folks who have already commented, I found it extremely refreshing for many reasons but I will single 5 reasons out specifically:

  1. The Importance of Networking
  2. The Importance of Operational Disconnect
  3. The Importance of Validation
  4. The Importance of Uncomfortable Truths
  5. The Importance of Reflection


The Importance of Networking

After 2 years of being absent from most of the important cyber conferences that are typically in the calendar, I was finally able to make the trip to Sydney for a few days. I derived a lot of personal value and satisfaction from seeing folks I hadn't seen in quite a bit of time. One chap (who I've known for 20+ years) was kind enough to offer "Your hair has gotten a lot greyer since I saw you last" - thanks for that mate! :)

I met quite a few vendors and customers who I had either not seen in a long time, or met new folks for the first time. It was great making those connections once again.

The Importance of Operational Disconnect

Good timing management and organisational skills will always be the preferred approach to ensuring we have enough space for strategy and deep thinking (i.e. not getting caught up in fire fighting and burn out from 24/7 operational focus). However, for those of us in the real world this is easier said than done. After all, many of us work in Cyber, where interruptions happen at any time.

However, having a good team behind me, I was able to enjoy the majority of the Gartner conference which set me up for being able to take advantage of the next 3 important reasons...

The Importance of Validation

This sounds like confirmation bias, but I like to think it was more a celebration that the many weeks and months that our team have been working on cyber strategy and program development was consistent with the themes, trends and activities being seen by research and peer organisational feedback (to a large extent). It means that for the most part, we are moving in the right direction. It's difficult to demonstrate a point around validation without dipping into some of the milder examples of content that I found useful so...

For example, the presentation by Rob McMillan called "A Security View of the 2023 CIO, CEO and Board of Directors Agenda" highlighted the value in the modern CISO being "another brain that a CIO can use" - this really resonated with me, as during 2020/2021 I took myself off to do the CIO Express Pathway training by IDG (now Foundry). The idea was pretty simple - to support the technology strategy, cyber needs to look beyond the cyber remit and connect more fully to business and technology initiatives. Gartner articulated this really nicely: the Digital CIO now needs to do more than transformation - they need to contend with hybrid working, digital products, be revenue-focused, be all about the customer, be conscious of talent pipeline and strategy, and an integral part of business design and strategy.

So as the CIO role expands, and as they traverse the difficult waters of opportunities vs risks, it was great to hear Gartner talk about the focus areas for anyone working in Security & Risk Management roles. I've said for several years now that my role is to be a business risk (cyber) advisor and to ensure that my leaders have the information they need to make important and informed risk decisions. It was an important albeit high level validation.

The Importance of Uncomfortable Truths

Reflecting on the 4 facets of an effective CISO - the behaviours, mindsets and actions to be an effective SRM Leader, I could certainly see areas where I can do better. Each of those areas, Executive Influencer, Future-Risk Manager, Workforce Architect, Stress Navigator are great areas to think and reframe our own personal growth opportunities.

These were important moments to stop and reframe my efforts, as I'm sure they were for several others in the session around CISO Effectiveness. While we can all justify the historic focus areas of our stakeholder relationships and effort, I left that session with renewed energy towards the relationships I should continue to build towards. I think it is healthy to be able to see blindspots and/or areas that need re-prioritisation.

The Importance of Reflection

Our Cyber Strategies and Programs are there to support our organisations. It is rare today that anyone is doing anything in Cyber simply because it's "cool" or "hip". [I still remember when Cyber was neither cool nor hip to mention in social or professional gatherings]. I found myself reflecting on the many things we have to contend with lately: evolving SASE convergence, that name-i-dislike-mentioning Zero Trust, the importance of building meaningful Op Metrics to the C-Suite, strategic planning, evolving Third Party Risk management strategies, and of course one of my passion areas - Identity Access Management.

Each of these sessions offered an opportunity to reflect on the direction, and whether you fully agree or disagree with Gartner's predictions - I found the time spent reflecting and talking with peers trying to solve similar challenges, to be very rewarding.


In conclusion...

So in parting... it is always great to come back to your team and organisation and impart more of the learnings and value from a conference like Gartner's Security & Risk summit. I now look forward to the AISA national cyber conference in October this year!

Shamane Tan

Chief Growth Officer, Sekuro | Best-Selling Author, TEDx & Global Keynote Speaker | LinkedIn Top Voice'24 | ARN Shining Star Multinational Winner | 40 under 40: Most Influential Asian-Australian

2 years ago

Bang on re: the role of the CISO and “to support the technology strategy, cyber needs to look beyond the cyber remit and connect more fully to business and technology initiatives.” Really enjoyed reading this Nigel! Thanks for taking the time to share. It’s a great write up that captures your reflections but also offers many learning points and takeaways. I was at the AISA conference happening at the opposite hotel. If I were to add a takeaway from the many there, one of them would be the importance of having vision, and imagining possibilities. Having check in points with ourselves and not forgetting to ask the question, how can we do things differently. :)

Scott Knights

Major Account Manager @ Proofpoint | Cybersecurity

2 years ago

Nice one Nigel Hedges thanks for sharing. Interesting to hear your thoughts around the role of Cyber managing and advocating for risk more broadly across the business.

David Buerckner

Chief Information Security and Risk Officer - Probe Group

2 years ago

First time I've heard the term "operational disconnect" but 100% agree on that one. I'd say at most similar events I spend 50% of my time writing notes and thoughts that have nothing to do with what is being presented, because it is a time for random thoughts to enter the head (same thing happens on a long run). But at least now I know what to call it.

Tony Vizza

Digital Risk and Governance Executive | Cybersecurity, AI and Privacy Practitioner | Digital Law | Board Director | Independent Expert

2 years ago

“Your hair has gotten a lot greyer since I saw you last”….. I genuinely and personally don't know ANYONE who is in the 30-45 age bracket with kids who has not visibly aged the past 2 and a bit years, myself definitely included. You know it's a thing when you can see it in yourself first and then see it with people you know very well. I always wondered how 18 year old kids coming back from war looked so ‘aged’ in those old photos. While lockdowns are nothing like war, truth is that 2+ years of uncertainty has affected so many people in profound ways.
