Cyber Sentinels May 2023


FUTURE FOCUS

COMPLIANCE RISK

A CHIEF SECURITY OFFICER SHOULD POSSESS VARIOUS SKILLS TO BE ABLE TO PROTECT THE ORGANIZATION FROM SECURITY THREATS AND SUPPORT THE BUSINESS.

VOLUME 05 | ISSUE 4 | MAY 2023 SPECIAL SUPPLEMENT BY
AHMED AL LAWATI HEAD OF BUSINESS DIGITAL INNOVATION OOREDOO OMAN

Redefining Postures, Skills and More…

Welcome to the May issue of Cyber Sentinels. Digital transformation has presented new opportunities for CISOs to enhance their organizations' security posture. By leveraging the latest security technologies and practices, CISOs can build resilient security architectures that can adapt to the evolving threat landscape. They can also collaborate with other stakeholders within their organizations to develop comprehensive security strategies that address all aspects of the business.

PUBLISHER TUSHAR SAHOO

TUSHAR@GECMEDIAGROUP.COM

CO-FOUNDER & CEO

RONAK SAMANTARAY

RONAK@GECMEDIAGROUP.COM

ASSISTANT EDITOR

REHISHA PALLIKKATHODI

REHISHA@GECMEDIAGROUP.COM

GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES

ANUSHREE DIXIT

ANUSHREE@GECMEDIAGROUP.COM

GROUP SALES HEAD

RICHA S

RICHA@GECMEDIAGROUP.COM

PROJECT LEAD

JENNEFER LORRAINE MENDOZA

JENNEFER@GECMEDIAGROUP.COM

SALES AND ADVERTISING

RONAK SAMANTARAY

RONAK@GECMEDIAGROUP.COM

PH: + 971 555 120 490

DIGITAL TEAM

IT MANAGER

VIJAY BAKSHI

PRODUCTION, CIRCULATION, SUBSCRIPTIONS

INFO@GECMEDIAGROUP.COM

CREATIVE LEAD

AJAY ARYA

ANUSHREE DIXIT

anushree@gecmediagroup.com

In this issue of Cyber Sentinels, we explore the roles and vision of 10 leading CISOs who are redefining these transformation practices in various ways. Not only do they delve into the details of how digital transformation has been impacting their functions and role, but they also talk about how an ideal Chief Security Officer in this age of digital transformation should possess skills such as a deep understanding of cybersecurity, risk management, and compliance; knowledge of emerging technologies and threat landscape; strong leadership and communication abilities; and the ability to collaborate and build relationships with stakeholders across the organization.

In conclusion, digital transformation has created both challenges and opportunities for CSOs. While it has increased the complexity of the threat landscape, it has also presented new avenues for CSOs to enhance their organizations' security posture. In line with this, Global CISO Forum is all set to stage the 7th edition of The GCC Security Symposium roadshow that will provide CISOs with valuable insights and practical solutions that they can use to navigate the evolving security landscape.

The GCC Security Symposium roadshow, which will be held in May in Qatar, KSA, and UAE, will provide CSOs with a platform to share their experiences and best practices in addressing the challenges and opportunities created by digital transformation. The symposium will bring together leading security experts, policymakers, and practitioners to discuss the latest trends, technologies, and strategies in cybersecurity. We look forward to seeing you all there!

Enjoy the issue.

GRAPHIC DESIGNER

RAHUL ARYA

ASSISTANT DESIGNER

VIKAS CHANDRA

DESIGNED BY

SUBSCRIPTIONS

INFO@GECMEDIAGROUP.COM

PRINTED BY

Al Ghurair Printing & Publishing LLC.

Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE

Office No #115

First Floor , G2 Building

Dubai Production City Dubai

United Arab Emirates

Phone : +971 4 564 8684

31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852 UNITED STATES OF AMERICA

PHONE NO: + 1 732 794 5918

A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE @copyright 2013 Accent Infomedia. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.

EDITORIAL

AHMED AL LAWATI Head of Business Digital Innovation

Ooredoo Oman

CONTENTS MAY 2023

Sections: EDITOR'S PAGE, COVER FEATURE, OPINION CORNER, EXPERT BYLINE, EVENTS

FUTURE FOCUS, RISK AND COMPLIANCE
THE DEFENDER IN CYBER SECURITY DOMAIN
WALKING THE LINE: NAVIGATING THE SECURITY THREAT
IDENTIFYING THE CYBERSECURITY LEAD
THREATS AHEAD, COMPANIES STAY CAUTIOUS
CYBER RISKS 2023: CHALLENGE ACCEPTED?
CYBERSECURITY: RETHINKING BUSINESS, SHAPING THE FUTURE
SUSTAINING A STRONG SECURITY CULTURE
WHAT IS PASSWORDLESS AUTHENTICATION?
CISO VS THE RANSOMWARE & MALWARE; INSIGHTS INTO THE CHALLENGING BATTLE

WAQAS HAIDER, Chief Information Security Officer, HBL Microfinance Bank

FUTURE FOCUS, RISK AND COMPLIANCE

Please describe your job role?

I am currently responsible for business digital innovation, which involves the induction of state-of-the-art technologies and practices to upscale operations and enhance overall customer experience.

What are the most important and critical aspects of your job role?

The most critical aspect of the job is staying up-to-date with the latest technological advancements. With technology evolving rapidly, it is important to keep abreast of the latest trends and innovations. Problem solving is also a critical aspect, as we must always strive to identify issues, analyze them from multiple perspectives, and come up with creative solutions that address the root cause of the problem.

CISO PROFILE
AHMED AL LAWATI Head of Business Digital Innovation Ooredoo Oman

What are the typical challenges faced by a chief security officer in large and medium enterprises?

In today's digital age, cyber-attacks are becoming complex in nature, which makes them a constant threat to businesses. It is vital to frequently identify vulnerabilities, implement appropriate security controls, and proactively detect threats by establishing threat-hunting activities.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

In the age of Digital Transformation, a Chief Security Officer should possess various skills to be able to protect the organization from security threats and support the business. Some of these include:

i. Strong business acumen to be able to support businesses in achieving their objectives in the most effective and efficient manner

ii. Strong technical knowledge to be able to understand new technologies being introduced in the organization and design balanced security controls to ensure smooth adaption

iii. Good communication skills to be able to communicate effectively with various levels in the organization

How do you define digital transformation?

Digital transformation is a combination of methods utilized to uplift and transform business. This includes the adoption of the latest technologies, digitalizing services, introducing agile working culture, offering seamless customer experience, re-engineering business processes, procedures, etc.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation allows businesses to use Digital channels to perform business transactions and establish customer communication through non-traditional channels. This new method requires crafting a seamless and balanced approach that ensures the protection of services and customer information without affecting customer experience.

How is digital transformation impacting the job role and department responsibilities?

Digital Transformation is changing the way traditional businesses used to operate. The adaption of new technologies, automating processes, establishing new channels and others require new skillsets and organizational restructuring to meet Digital Transformation objectives. Digital transformation is changing the nature of work across various industries; therefore, it is vital to adapt to these changes to remain competitive.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

The induction of these new technological advancements is pushing CISOs to redefine their strategies and start thinking out of the box to support the adaption of new technologies by designing balanced and effective security controls; in order to meet business needs and stay ahead of the competition. For instance, IoT infrastructure can become very challenging to be introduced to the existing network infrastructure and opens up new attack surfaces to the environment, allowing attackers to exploit IoT sensors and the vulnerabilities associated with it.

In general, looking at the present and future technology landscape, what are the upside and downside of cyber security solutions?

There is no doubt that Cyber security solutions play a major role in supporting Chief Information Security Officer’s mandates in introducing effective security controls to protect the environment; nevertheless, some of the downsides could be the high associated costs of these solutions, limited features to fulfill business needs, poor end-user experience, etc.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

Vendors must start providing tailored solutions to meet both business and technical needs and start adapting disruptive technologies such as Artificial Intelligence (AI) and Machine Learning (ML) to automate tasks and enhance overall security offering.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

It is essential that Cyber Security vendors establish a client partner relationship to be able to understand and assist customers with their pain areas and recommend the right solution to elevate their security posture. Additionally, it is vital to be able to offer tailored and simplified services to meet customer requirements and ensure maximum value.


According to you, how does digital transformation affect the security posture of any business?

Significant impacts on the security posture of any business can include: Increased attack surface, complexity, integrating new digital technologies with existing legacy systems (this can be challenging, and can introduce new risks if not done properly), data privacy, and workforce skills gap.

How is digital transformation impacting the job role and department responsibilities?

Overall, digital transformation is changing the way government organizations operate and deliver services, and is impacting job roles and department responsibilities in many ways. Successful government organizations are those that embrace these changes and invest in the training and development of their employees to ensure they have the skills and knowledge needed to succeed in the digital age.

• Automation of administrative tasks
• Increased use of data analytics
• Greater focus on cybersecurity
• Greater citizen engagement
• Greater collaboration between departments

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

The digital transformation, including the Internet of Things (IoT), cloud computing, and mobility, has created several challenges and opportunities for Chief Security Officers (CSOs) in financial organizations. Some of the key challenges and opportunities are:

Challenges:

• Increased attack surface: The adoption of new technologies such as IoT and cloud computing has increased the attack surface for financial organizations, making it more challenging to secure their systems and data
• Complexity: The complexity of IT systems has increased with the adoption of new technologies, making it difficult to manage and secure them effectively
• Cyber threats: Financial organizations face a growing number of sophisticated cyber threats such as phishing, malware, and ransomware, which require constant vigilance and proactive measures to detect and prevent
• Compliance: Compliance requirements for financial organizations are becoming more stringent, with the need to comply with regulations such as PCI-DSS, GDPR, and SOX, which require constant monitoring and management

Opportunities:

• Data analytics: Digital transformation has enabled financial organizations to collect and analyze large volumes of data to detect fraud, monitor transactions, and identify potential risks
• Automation: Automation of security processes can improve efficiency and reduce the risk of human error
• Collaboration: Digital transformation has made it easier for financial organizations to collaborate with other organizations and share information about potential security threats and best practices
• Cost savings: Digital transformation can lead to cost savings by reducing the need for physical infrastructure, such as servers and data centers, and improving operational efficiency

In summary, digital transformation has created both challenges and opportunities for Chief Security Officers in financial organizations. To effectively manage the challenges and leverage the opportunities, CSOs must remain up to date with the latest technologies and security threats, develop proactive security strategies, and collaborate with other organizations to share information and best practices.

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions?

The present and future technology landscape presents both upsides and downsides for cyber security solutions in financial organizations.

In summary, the present and future technology landscape presents both opportunities and challenges for cybersecurity solutions in financial organizations. To take advantage of the upside and mitigate the downside, financial organizations must remain vigilant, invest in the right technology and personnel, and collaborate with other organizations to share threat intelligence and best practices.

At present, what are your expectations from cyber security solution vendors, channel partners, and consultants?

In summary, cyber security solution vendors, channel partners, and consultants can play a critical role in enhancing the cyber security posture of organizations by providing innovative solutions, education and training, customization, threat intelligence sharing, compliance expertise, and incident response support.

What are the most important and critical aspects of your job role?

As a Chief Information Security Officer (CISO), the most important and critical aspects of my job role include:

• Developing and implementing an organization-wide information security strategy
• Ensuring compliance with industry regulations and standards
• Managing the organization's security operations: The CISO is responsible for overseeing the day-to-day security operations of the organization, including incident response, vulnerability management, threat intelligence, and security monitoring
• Building and managing a team of security professionals
• Communicating with stakeholders

Overall, as a CISO I am responsible for ensuring the confidentiality, integrity, and availability of the organization's information assets, as well as protecting against unauthorized access, disclosure, modification, or destruction of these assets. This is a critical role that requires strong leadership, technical expertise, and business acumen.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

As a Chief Information Security Officer (CISO) in large and medium enterprises, some of the typical challenges that one may face are:

• Balancing security with business objectives
• Managing the complexity of IT systems
• Keeping up with evolving threats
• Securing cloud and mobile devices
• Limited resources
• Establishing a security culture

In summary, the challenges that a CISO faces in large and medium enterprises are diverse, and the ability to navigate these challenges requires technical expertise, business acumen, and leadership skills.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

In addition to the key skills required for an ideal Chief Security Officer (CSO) in this age of digital transformation, financial organizations have additional requirements that a CSO should possess. The key skills required for an ideal CSO in financial organizations include:

• Regulatory compliance: Financial organizations are subject to numerous regulations and compliance requirements, such as PCI-DSS, GDPR, and SOX. An ideal CSO in financial organizations should have a deep understanding of these regulations and compliance requirements and ensure that the organization remains compliant
• Risk management: Financial organizations are high-value targets for cyberattacks, and as such, an ideal CSO should have a strong risk management background. This includes conducting risk assessments, developing risk mitigation strategies, and monitoring risk on an ongoing basis
• Fraud prevention: Financial organizations are vulnerable to fraud, both from external and internal sources. An ideal CSO in financial organizations should have a strong fraud prevention background and develop strategies to detect and prevent fraudulent activities
• Crisis management: In the event of a security breach, an ideal CSO in financial organizations should be able to manage the crisis effectively. This includes developing incident response plans, conducting regular drills, and responding to security incidents quickly and decisively
• Financial acumen: Financial organizations operate in a complex financial environment, and an ideal CSO should have strong financial acumen. This includes understanding financial transactions, risk management, and financial reporting

In summary, financial organizations have unique security challenges, and an ideal CSO should possess additional skills such as regulatory compliance, risk management, fraud prevention, crisis management, and financial acumen to address these challenges effectively.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

In summary, cyber security solution vendors, channel partners, and consultants should focus on keeping up with the latest threats and trends, emphasizing usability and user experience, offering customization and flexibility, promoting collaboration and information sharing, providing education and training, and emphasizing proactive measures.


IDENTIFYING THE CYBERSECURITY LEAD

ABDULATIF ALRUSHAID Cybersecurity & Data Management Director Saudi Air Navigation Services (SANS)


Please describe your job role?

Currently, I lead the cybersecurity and data management functions in the organization. This role focuses on four main aspects: the Cybersecurity Defense Center, which is responsible for the day-to-day operations and monitoring; GRC, which is to overlook the governance, risk & compliance; Cybersecurity Transformation, which acts as the business arm of the department and looks for ways to enhance the operational excellence of the department; and finally Data Management, which aims at securing and properly protecting the corporate and personal information.

What are the most important and critical aspects of your job role?

Being responsible for securing Information Technology (IT) & Operational Technology (OT) infrastructures poses a huge responsibility. The risk of cyber-attacks on IT infrastructure is absorbable, however, cybersecurity leads who overlook OT always face the challenge of potential attacks that could interrupt the core enterprise operations and cause physical harm.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

The Cybersecurity department has been always looked at as a cost center function, which increases the difficulty for CISOs to secure the required budget for their initiatives. Moreover, quantifying the value of defending the company networks and assets is very challenging due to the number of different variables in such calculation. However, the return on investment would be very visible once an enterprise stops its investment in cybersecurity.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

The main skill for modern CISOs is to enable the business to run in a secure fashion by balancing between the operational needs and the expected risks. Nowadays, moving into digital transformation is inevitable, and it will always increase the threat landscape of the organization, however, a skilled cybersecurity lead should always find the right rhythm between moving into digitalization while keeping the organization secure.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation is a very essential factor for operational excellence, and it is an important method to improve the organization’s processes and data collection. However, it comes with a cost for cybersecurity if not executed in a cautious step. With an expedited demand for digital transformation, while the security tools are still trying to catch up, it introduces a big concern, especially in an OT environment. Moreover, systems in OT environments are usually outdated and obsolete, which makes them more vulnerable in front of digitalization threats.

How is digital transformation impacting the job role and department responsibilities?

Digital transformation introduces a direct impact on the cybersecurity department as it increases the need to conduct risk assessments, add an additional layer to be considered and reviewed by the cybersecurity architect, and increases the number of events that need to be monitored by the security operation center (SOC).

In general, looking at the present and future technology landscape, what are the upside and downside of cyber security solutions?

I believe cybersecurity solutions nowadays are scattered, which introduces a challenge for cybersecurity leaders to secure the right budget for the right solutions and hire enough resources to manage these tools. Moreover, with the current global challenge to hire and maintain cybersecurity talents, the future of technology needs to have more integrated solutions that can capitalize on artificial intelligence (AI) to reduce the need for manual intervention.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

With the increased number of global cyber risks, cybersecurity vendors need to focus on two factors: first, shaping alliances with each other, which will improve the research & development centers and allow them to come up with outstanding solutions to eliminate the current integration gaps between different cybersecurity tools. Secondly, to work closely with OT vendors who have state-of-the-art tools when it comes to their operational function; unfortunately, cybersecurity always comes as the least of their priority. Imposing cybersecurity functions within new OT versions & tools will significantly reduce the current ongoing OT risk.


CYBERSECURITY: RETHINKING BUSINESS, SHAPING THE FUTURE


Please describe your job role?

Represent governance, risk, and compliance objectives for IT security independently and abstractly. Manage the enterprise's information and technology security vision, strategy, and program.

What are the most important and critical aspects of your job role?

Ensuring organizational information and cyber security.

How do you define digital transformation?

Digital transformation is all about providing value to the end user through the use of technology. Digital transformation is mainly cloud, internet-of-things, mobility, and artificial intelligence/machine learning.

According to you, how does digital transformation affect the security posture of any business?

Digital organisation is vulnerable to cyberattacks. Transformation requires partner, customer, and stakeholder collaboration across departments. Digital transformation imperatives stress already overworked IT professionals juggling business needs, governance, risk, compliance, and regulatory obligations. Organizational networks are confronting increasing threats on business systems, IT, and operational technology that enable data-driven decision-making. Information security must be built into all solutions.

How is digital transformation impacting the job role and department responsibilities?

The role of CISOs and the responsibilities of their departments have changed a lot because of digital transformation. As more business operations move online, cyber threats are on the rise. The CISO is now an important part of the C Suite to protect the organization's digital assets and make sure it has a strong cybersecurity posture. Traditional responsibilities, such as network security and data protection, have grown to include cloud security, third-party risk management, and IoT security. The CISO and the business work together more, and automation is given a lot of attention.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

• Management support
• Budgeting constraints
• Proving cyber security ROI to organisation
• User awareness and acceptance of the significance of information security

What are the key skills required for an ideal chief security officer in this age of digital transformation?

• Strong corporate management experience and expertise of information security risk management and cybersecurity technology and strategy.
• Knowledge of industry security standards, such as NIST, ISO, COBIT
• Capable of understanding and communicating the business investment/expenses implications of the organization's information security operations.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

CISOs have faced both challenges and opportunities as a result of digital transformation, including the uptake of IoT, cloud, and mobility.

Digital transformation has extended the attack surface, making it more challenging to protect vital assets from a wide variety of cyber threats. As a result of the spread of new technologies, new forms of cyber threats have evolved, including those that target IoT devices, cloud environments, and mobile devices. Integration of new technology into existing systems can be challenging and typically involves considerable changes to existing security policies and procedures. Digital transformation has led to the development of new compliance standards, which can be difficult to comprehend due to their complexity.

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions?

Upsides: Cyber security solutions are intended to protect businesses from a wide range of cyber threats, including malware, phishing attacks, ransomware, and more. Cybersecurity solutions give companies greater network visibility, allowing for quicker identification and mitigation of threats.

Compliance regulations can be met with the use of cyber security solutions that secure sensitive data properly. Since the landscape of cyber threats continues to expand, cyber security solutions are also evolving to keep up with new threats, hence driving industry innovation.

Although cyber security solutions may require an upfront investment, they can save businesses money over time by reducing the costs associated with data breaches and other cyberattacks.

Downsides: Even though cyber security systems are effective at protecting against known threats, they may give a false sense of security as new and previously unknown threats continue to develop.

Cyber security solutions can be complicated and need substantial resources for effective deployment and management, providing a problem for smaller organisations with limited resources. Human mistakes, such as employees falling for phishing attempts or misconfiguring security settings, can still contribute to data breaches despite the implementation of cyber security systems.

Although cyber security solutions can save businesses money over time, the initial investment and continuing costs can be prohibitive for some organisations. Occasionally, user privacy concerns are also a worry.

At present, what are your expectations from cyber security solution vendors, channel partners, consultants?

To provide cost-effective solutions to meet the needs of small to medium size organisation.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

It is essential to educate clients about the most current cyberattacks and how to defend against them. Invest in the development of comprehensive client training programs and provide them with educational resources such as webinars, whitepapers, and other material. New threats emerge on a regular basis; therefore, invest in research and development to create cutting-edge cybersecurity products that provide the best protection for your customers.

Establish alliances and collaborate with each other to offer integrated customer-protecting solutions. Cybersecurity solutions should be user and administrator friendly. Invest in the creation of user-friendly, intuitive interfaces that require minimal training. Ensure that your customer service team is responsive, knowledgeable, and capable of addressing issues quickly and effectively. Maintain knowledge of rules and compliance needs.


SUSTAINING A STRONG SECURITY CULTURE

Please describe your job role?

As the Head of Risk & BCM and Responsible for Information Security within my organization, my job role involves overseeing the enterprise risk management and resiliency governance function, developing and implementing information security policies and procedures, and identifying and mitigating information security risks.

What are the most important and critical aspects of your job role?

Specifically, in Information security, safeguard the organization's information assets from cyber threats and vulnerabilities. This involves monitoring and managing potential risks and implementing security measures to prevent unauthorized access, data breaches, and other cyber incidents.

Keeping senior management informed about the organization's security posture and the progress of security initiatives is crucial. This ensures that key stakeholders are aware of potential risks and can make informed decisions to prioritize resources and efforts to address the most pressing security concerns.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

The increasing complexity and sophistication of cyber threats, balancing security with business objectives, keeping up with the rapidly evolving technology landscape, and managing compliance with industry and regulatory standards.

CISO PROFILE
CARLO LOVERI Head of Risk&BCM Emirates Steel Arkan

What are the key skills required for an ideal chief security officer in this age of digital transformation?

He must possess a deep passion and understanding for cybersecurity, exceptional communication skills to inspire collaboration and the empathy to balance security with business needs.

How do you define digital transformation?

Digital transformation refers to the adoption and integration of digital technologies into all aspects of the production process, leading to significant changes in operations and value creation.

According to you, how does digital transformation affect the security posture of any business?

It is imperative to consider that any digital transformation introduces new risks and vulnerabilities, as well as increases the complexity of cybersecurity management in the face of automation and interconnected systems and specifically related to industrial automation, smart sensors, and connected devices. However, this transformation also offers opportunities to enhance security through cutting-edge cybersecurity technologies and practices, such as machine learning and artificial intelligence.

How is digital transformation impacting the job role and department responsibilities?

Digital transformation deeply affects the job roles and responsibilities of executives in charge of risk and information security in several ways. We must continuously update our knowledge of emerging technologies and threats, foster stronger collaboration with other departments, and adeptly balance security with business objectives. Moreover, digital transformation necessitates a shift in mindset, prompting us to adopt a more proactive and strategic approach to risk management.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

Cloud adoption and shifting to a mobility paradigm are creating challenges and opportunities for senior executives responsible for risk and information security. We need to make sure that the risks associated with personal devices are properly addressed and mitigated and it is fundamental that any adopted cloud service is secure and it is leveraging advanced cybersecurity technologies to improve security and resilience.

Specifically, on IoT, the challenges stem from the need to secure a diverse array of interconnected devices, protect data privacy, and manage the risks associated with an increased attack surface. Conversely, IoT offers opportunities to leverage advanced cybersecurity technologies, such as machine learning and artificial intelligence, for improved threat detection and mitigation.

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions?

In general, the upside of cybersecurity solutions is their ability to protect against increasingly sophisticated cyber threats and to help businesses stay competitive by enabling digital transformation. However, these solutions can be expensive, difficult to implement, and may not provide 100% protection against all threats and they may create a false sense of security and lead to complacency if not managed properly.

At present, what are your expectations from cyber security solution vendors, channel partners, consultants?

They should deliver innovative and efficient cybersecurity solutions to address the ever-changing needs of businesses, offering top-notch support and services to assist organizations in implementing and maintaining these cybersecurity solutions. They must also proactively support in anticipating future needs, enabling organizations to stay ahead of emerging threats.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

Embark on a digitalization journey with a strong focus on cybersecurity. Understand your organization's unique needs and set goals that align with its strategic objectives while prioritizing security. Concentrate on initiatives that inspire stakeholders to embrace cybersecurity and create a passionate roadmap for a secure digital future. Foster collaboration, open communication, and innovation in security practices.


THE DEFENDER IN CYBER SECURITY DOMAIN

Please describe your job role?

My role is mainly responsible for leading and managing an organization's cybersecurity strategy and operations. I oversee teams responsible for tasks such as network security, access control, vulnerability management, incident response, risk assessment, compliance, and regulatory issues. I also work in parallel with Digital Transformation Office to align cybersecurity projects with overall business goals, manage budgets and resources, develop policies and procedures, and collaborate with key stakeholders across the organization.

What are the most important and critical aspects of your job role?

I believe the most important and critical aspects are summarized as follows: developing and implementing a strong cybersecurity strategy that aligns with the organization's goals and objectives. Building and leading a talented, diverse, and high-performing cybersecurity team that can effectively manage and respond to cyber threats. Staying up-to-date with the latest cybersecurity threats, vulnerabilities, and best practices to ensure the organization is well protected. Collaborating with other stakeholders and designated departments to ensure compliance with NCA regulations.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

Balancing the need for effective security measures with budget constraints and competing business priorities, communicating security risks to top management, and the demand to hire more staff are the most challenges from my perspective.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

In my opinion, the most significant key skill required is a deep understanding of the latest cybersecurity technologies and tools. Moreover, the ability to align security strategies with business objectives. The ability to provide clear direction and guidance to the security team as well as the ability to have effective communication with other departments and the key stakeholders are other significant keys.

How do you define digital transformation?

It’s simply the process of developing a business model for an organization by enabling emerging technologies.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation can have a significant impact on the security posture of any business, both positively and negatively. While digital technologies can enable new levels of efficiency and innovation, they can also introduce new risks and attack vectors that organizations must be prepared to address.

How is digital transformation impacting the job role and department responsibilities?

Digital transformation has elevated the roles and responsibilities of cybersecurity leaders from a tactical position to a more strategic one. Digital transformation is often creating new security risks by enabling emerging technologies and it requires cybersecurity managers to engage in continuous learning and professional development to stay up-to-date with the latest technologies and trends in cybersecurity.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

Let’s begin first with challenges, there are more entry points for attackers using emerging technologies. As the number of devices and systems increases, so does the complexity of the security infrastructure required to protect them. Take, for instance, cloud technology is seeing organizations turning to third-party providers for a range of services. But without proper due diligence, third parties can form the basis of major cyber attacks.

Nevertheless, there are lots of opportunities created by digital transformation such as organizations can gain a holistic view of their digital assets and the associated risks. This allows them to prioritize cybersecurity investments. In addition, digital transformation enables the use of automation to detect and respond to security incidents, and thus it enables security teams to respond quickly.

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions?

The upside of cybersecurity solutions is so significant, as it effectively enables organizations to protect their digital assets and data from a growing number of threats.

On the downside, some challenges also come with cybersecurity solutions. Solutions can be costly to implement, maintain, and continually update to keep up with evolving threats and technology trends. Cybersecurity measures may give a false sense of security, leading to complacency or a failure to address emerging threats.

At present, what are your expectations from cyber security solution vendors, channel partners, consultants?

They should have comprehensive knowledge of cybersecurity, including the latest threats, best practices, and trends. In addition to that, vendors should provide reliable technology that adapts to current and emerging threats, while channel partners and consultants should be able to implement and configure this technology correctly. Cybersecurity solution vendors, partners, and consultants should be flexible and adaptable to the diverse needs of an organization.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

I would advise focusing on collaboration as cybersecurity is a complex and interdisciplinary field. Also, it’s recommended that vendors, partners, as well as consultants should work with their clients, other vendors, and industry experts to stay on top of emerging threats and take a holistic approach to cybersecurity.

It’s worthwhile mentioning that trust is an essential element of a successful relationship between solution providers and clients. Therefore, vendors, partners, and consultants should be transparent about their products and services, listen to clients' needs and concerns, and deliver on promises. Lastly, cybersecurity is an investment in the long-term success of an organization, and solution providers should communicate the business value of their solutions in addition to technical capabilities.


THREATS AHEAD, COMPANIES STAY CAUTIOUS

CISO PROFILE
KENAN BEGOVIC CISO
World’s leading media rights management group

Please describe your job role?

As a part of the Group’s CEO team, I am responsible for global information security assurance, Cybersecurity Operations Center and business continuity management.

What are the most important and critical aspects of your job role?

The most important and critical aspects of your job role include:

a. Strategy and Policy Development: Develop and maintain a comprehensive information security strategy and policies that address the organization's risk profile, regulatory requirements, and industry best practices

b. Risk Management: Identify, assess, and prioritize information security risks, and develop mitigation strategies to reduce the organization's exposure to these risks

c. Compliance: Ensure compliance with applicable laws, regulations, and industry standards related to information security and privacy

d. Security Awareness and Training: Develop and implement security awareness and training programs to educate employees on their responsibilities and best practices for protecting the organization's information assets

e. Incident Management: Establish and maintain an incident response plan to effectively manage and respond to security incidents, breaches, or other cyber events

f. Cybersecurity Operations Center (CSOC): Oversee the day-to-day operations of the CSOC, ensuring timely detection, analysis, and response to cybersecurity threats

g. Threat Intelligence: Stay informed on the latest threat landscape, trends, and emerging cybersecurity technologies to proactively adapt and improve the organization's security posture

h. Business Continuity Management: Develop, maintain, and test business continuity and disaster recovery plan to ensure the organization can continue to operate during and after a security incident or other disruptive event

i. Vendor Management: Manage relationships with vendors and third-party service providers to ensure they adhere to the organization's security requirements and maintain the confidentiality, integrity, and availability of sensitive data

j. Performance Metrics and Reporting: Establish and track key performance indicators (KPIs) to measure the effectiveness of the information security program, and provide regular reports to the CEO and other stakeholders on the organization's security posture

k. Collaboration and Communication: Collaborate with other departments and stakeholders within the organization to promote a culture of security and ensure that information security is integrated into business processes and decision-making

l. Budget and Resource Management: Allocate and manage resources, including personnel and budgets, to effectively support the organization's information security program and initiatives

What are the typical challenges faced by a chief security officer in large and medium enterprises?

I personally face a variety of challenges, including: Evolving Threat Landscape, Resource Constraints, Compliance Requirements, Balancing Security and Business Objectives, Security Culture, Incident Response and Management, Managing Third-Party Risks, Keeping Pace with Technological Advances, Talent Acquisition and Retention, Measuring and Reporting Security Performance, Maintaining Business Continuity, etc.

What are the key skills required for an ideal chief security officer in this age of digital transformation?

An ideal Chief Security Officer (CSO) in the age of digital transformation should possess a diverse set of skills to effectively manage and lead an organization's security initiatives. Overall, an ideal CSO should possess a combination of technical knowledge, strategic thinking, business acumen, and strong leadership and communication skills to effectively navigate the challenges of securing an organization in the age of digital transformation.

How do you define digital transformation?

Digital transformation is the process of integrating digital technologies into all aspects of a business or organization, fundamentally changing how it operates and delivering value to its customers, stakeholders, and employees. It involves a cultural shift that encourages organizations to continually challenge the status quo, experiment with new ideas, and embrace change in order to stay competitive in a rapidly evolving digital landscape.

Digital transformation is not a one-time project or initiative; it's an ongoing journey that requires organizations to constantly evaluate, adapt, and innovate to stay competitive and relevant in an increasingly digital world.


According to you, how does digital transformation affect the security posture of any business?

Digital transformation can have both positive and negative effects on the security posture of a business. Understanding these effects is crucial for organizations to effectively manage their security risks in the digital age.

The most important positive effects are Improved Security Technologies, Automation and Efficiency, Enhanced Visibility and Monitoring, and Streamlined Incident Response.

The negative effects include Increased Attack Surface, Complex Security Landscape, Data Privacy Concerns, Third-Party Risks, Skills Gaps, and some Cultural Challenges.

To mitigate the potential negative effects of digital transformation on security posture, organizations should adopt a proactive and risk-based approach to security, ensuring that security is an integral part of the digital transformation journey. This includes conducting regular risk assessments, incorporating security best practices into the design and implementation of new technologies, investing in cybersecurity training and awareness programs, and ensuring robust incident response and business continuity plans are in place.

How is digital transformation impacting the job role and department responsibilities?

Digital transformation is significantly impacting the role of the Chief Information Security Officer (CISO) and the responsibilities of the departments within their office. There are many key challenges, but I will emphasize three here:

1. Broader Scope: As organizations adopt new technologies, expand their digital footprint, and integrate systems, the scope of the CISO's responsibilities increases. This includes securing cloud services, mobile devices, and IoT devices, and managing the security implications of remote work

2. Focus on Resilience and Adaptability: CISOs must prioritize building resilience and adaptability into their security strategies, enabling the organization to respond effectively to evolving threats and security incidents

3. Cross-Functional Collaboration: Digital transformation requires CISOs to collaborate more closely with other departments, such as IT, legal, HR, and business units, to integrate security into the organization's overall digital transformation strategy

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

Digital transformation, including IoT, cloud, and mobility technologies, presents both challenges and opportunities for Chief Security Officers (CSOs). The key challenges involve an expanded attack surface, increased complexity in managing diverse systems, heightened data privacy concerns, third-party risk management, and the need for robust device and identity management solutions. Network security also becomes more crucial, especially when dealing with remote access.

On the other hand, opportunities arise in the form of improved security solutions tailored to these new environments, real-time monitoring and analytics, automation of manual security processes, and enhanced incident response capabilities. Additionally, cloud-based security solutions provide scalability and flexibility, allowing organizations to adapt quickly to evolving threats and business requirements.

To address these challenges and capitalize on the opportunities, CSOs must adopt a proactive, risk-based approach to security and ensure it is an integral part of the digital transformation journey. This includes conducting regular risk assessments, incorporating security best practices into new technology implementations, and fostering a culture of security awareness and collaboration across the organization.

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions?

The technology landscape offers both upsides and downsides for cybersecurity solutions. Upsides include advanced technologies that improve threat detection and response, automation of manual processes, real-time monitoring and analytics, scalability and flexibility of cloud-based solutions, integration and interoperability, and improved user experiences.

However, downsides involve increased complexity in managing security, skills gap due to the rapidly evolving landscape, potentially high costs of implementation, a false sense of security that may arise from overreliance on solutions, evolving threats that require constant adaptation, and privacy concerns surrounding data collection and storage.

To capitalize on the upsides and mitigate the downsides, organizations must adopt a proactive, risk-based approach to security, invest in continuous learning and skills development, and maintain a strong security culture that considers both technology and human factors.

At present, what are your expectations from cyber security solution vendors, channel partners, consultants?

Organizations should expect cybersecurity solution vendors, channel partners, and consultants to offer comprehensive solutions with expertise and experience. Solutions should be customizable, adaptable, and seamlessly integrated with existing IT infrastructure. Vendors should provide ongoing support, updates, and training, along with transparent pricing and clear ROI. They must be knowledgeable about compliance and regulatory requirements, maintain strong communication and collaboration with internal teams, and follow best practices for cybersecurity and data protection in their own systems. By setting these expectations, organizations can better evaluate potential cybersecurity partners and ensure they select those who effectively address their unique security needs.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

To vendors, drop the buzzwords and stop treating security vulnerabilities in your products as some bugs that can be fixed at a later stage. Be accountable for your product’s quality.

To channel partners, don’t treat your customers like idiots that should buy your complete portfolio. Offer solutions that they need and are comprehensive. Work against technology piling in your customers’ environments.

To consultants, show that your consultation has both qualitative and quantitative values. Make sure your projects deliver complete solutions and more.


CYBER RISKS 2023: CHALLENGE ACCEPTED?

CISO PROFILE
MOHANNAD ALBAYROUTI IT Governance Manager Confidential

Please describe your job role?

I do oversee the governance framework within the organization that includes the development, implementation of policies, procedures, and guidelines, and adding risk management and compliance. Furthermore, I act as the corporate CISO directing the information and cyber security strategies, enhancing the security posture of the organization, ensure the development, implementation, and adherence of policies, procedures, and technologies to protect the organization’s information assets by enhancing preventive measures and set proper mechanisms to mitigate risks.

What are the most important and critical aspects of your job role?

I can point out strategy alignment, risk management, ensuring compliance, monitoring security operations and threats, training, and awareness, and budgeting and vendor management.

What are the typical challenges faced by a chief security officer in large and medium enterprises?

From my 18+ years of experience, I could humbly summarize the primary challenges we do face in large and medium even small enterprises depending on their line of business and the information they do possess or process, in the below:

• The complexity and diversity that are added to CISO’s scope

• Prioritizing security projects and balancing them with harsh budget constraints

• Ensuring and managing emerging regulatory compliance

• Constant demand for rapid threat identification and management (internal and external)

• Corporate culture resistance to change especially adapting the security initiatives or in response to threats

• Growing risks related to third parties

• Realizing top management interest in cyber and information security and information asset protection

What are the key skills required for an ideal chief security officer in this age of digital transformation?

Nowadays the CISO is required to be a good strategist and have business acumen, to have just enough technical expertise (I may go against the flow here, yes the technical expertise is important however it is important as the other aspects will get the function active and running on a corporate level; in other words, I can say that the level of technical knowledge depends on the corporate needs and goals, not the post itself). Today’s CISOs need to be good risk managers, hold exceptional communication, convincing & presentation skills; able to define and manage compliance with minimum cost and efforts, great in team management; have proper methodologies in incident response and finally; be creative in identifying corporates new security adaptations Vs. allocated budgets Vs. strategic goals of the function and corporate.

How do you define digital transformation?

Currently having a digital transformation function incorporating is crucial to thriving in the market meeting the nonstop emerging needs and technologies, all with the aim to enhance operations and realize more value for end users.

According to you, how does digital transformation affect the security posture of any business?

Digital transformation can and will increase the attack surface thus it is necessary to have both digital transformation and cybersecurity plans and functions aligned and running in sync.

How is digital transformation impacting the job role and department responsibilities?

While digital transformation increases the need for CISOs yet it presents more challenges, responsibilities and constraints such as the need to adapt swiftly to rapid changes and new technologies generated by digital transformation that eventually will expand the CISO's scope of work. Moreover, CISOs will have to put more efforts in collaboration and planning, and we need to mention that the risk management will become tricky in regards to choosing the best approach to identify, prioritize and manage risks.

Specifically, what are the challenges and opportunities created by digital transformation including IoT, cloud, and mobility, for chief security officers?

As mentioned earlier, the digital transformation increased the importance of information security that helped to expand the CISO scope and exposure to new technologies and innovation on how to secure these technologies. On the other hand, the challenges will become more complex especially when it comes to IoT; it requires different security methodologies, architecture, and skills to manage than we use in normal IT environments. Cloud computing and IoT create more liabilities on CISOs to ensure data privacy and protection as well as third-party risk management. Moreover, such new technologies require specific and deep understanding from CISOs and unfortunately most enterprises today do not provide proper training programs therefore such adaptations can pose more threats to enterprises and unfair liabilities on the CISOs.

In general, looking at the present and future technology landscape, what is the upside and downside of cyber security solutions?

While we can see that the current technology landscape is rapidly evolving in all directions mentioning AI, IoT, and 5G networks; the future landscape will be even more sophisticated, especially in fields of quantum computing, Humanoid AI, 6G Networks, etc. The benefits of cybersecurity solutions are helping us build safety nets and walls to protect information assets and reduce the impact of cyber threats & incidents, and eventually building-up customers’ trust. However, it comes at a high cost that limits its usage by a myriad of companies, additionally and in many cases I personally faced issues related to tools and solutions that may impact the usability and functionality of systems.

At present, what are your expectations from cyber security solution vendors, channel partners, consultants?

The cost of security solutions remains way higher than the allocated budgets for CISOs among most enterprises. Thus I do anticipate a reconsideration of solutions’ costs or new methods for breaking down such expensive solutions into tailored solutions as per corporates' exact needs and financial capabilities.

At present, what advice or feedback or recommendation would you give cyber security solution vendors, channel partners, and consultants?

I would recommend focusing more on providing customers with preventive and comprehensive solutions that can genuinely help, moreover, the solutions provided should be maintained properly by the providers especially when it comes to updates and patches without any additional costs. Another concern is to have the solutions built with more flexibility and scalability to meet emerging technologies, and finally to deliver solutions that are compliant with regulations and ensure data protection.


EXPERT BYLINE

What is Passwordless Authentication?

Passwordless authentication is becoming more prevalent among businesses emphasising their users' and employees' security and digital experience. Even though the passwords cause critical problems for end-users and cybersecurity managers, there are some effective ways for Passwordless Authentication to solve Security Team and End-User Problems.

Security patterns are evolving, and organizations need to balance robust protection with what is appropriate for employees. One of the major pain points for end-users is passwords: having to handle multiple passwords across hundreds of accounts and websites can lead to significant discouragement. Increasingly, cybersecurity experts are focusing on passwordless authentication, which authorizes users to access corporate networks and services without a password while preserving high levels of protection.

ABDELGHANI ALHIJAWI, Virtual CISO Confidential


Now we will demonstrate what passwordless authentication is and dive into the major issues with passwords as they exist now, how it solves problems, and some best practices for implementation.

At a basic level, passwordless authentication allows any user to be verified and authenticated without requiring them to produce a password. Proving an end-user's identity can instead be done by using an alternative factor such as a one-time passcode (OTP), hardware token, authenticator app, or biometrics. All these methods fall under the umbrella of a proof of possession factor, as an alternative to passcodes, passphrases, etc.

You may already be familiar with some types of passwordless from everyday use like logging into your desktop, or laptop via Windows Hello or Duo Security or logging into an app using FaceID on iOS, or Android fingerprint authentication. Now, you may ask yourself why passwordless authentication is gaining traction.


What are the major issues with traditional passwords?

Passwords cause critical problems for end-users and cybersecurity managers:

1. Every online asset, website account or secure service usually requires a password, which means end-users need to manage and track dozens or more passwords

2. Various accounts have different password rules – for example, some may require a certain number of letters in uppercase and lowercase, while others may not allow special characters

3. Remembering passwords is difficult which means they are often reused and extensively duplicated across services, leading to data breaches and security vulnerabilities

4. Previously stolen credentials exist on the Dark Web, where bad guys can use them in future attacks

5. Most cybersecurity attacks rely on using passwords to breach organization systems and data

In simple terms, passwords are a key compromising factor in security.

How to achieve Passwordless Authentication?

Every organization has its unique requirements for identifying authorized users; the depth, sensitivity of data, breadth of access, and type of end-users all contribute to authentication rules.

Cybersecurity professionals have several approaches for password alternatives:

• Device fingerprints that can be compared to a known baseline

• Authentication apps such as Duo Security, Google Authenticator, and Microsoft Authenticator

• Security tokens based on public key cryptography

• Biometrics such as FaceID, fingerprints, voice analysis, or other techniques

Each organization can determine the right mix of authentication approaches, and they can be used in any case whether passwords are required or not.

How does Passwordless Authentication solve Security Team and End-User problems?

Passwordless authentication provides various advantages:

• The security team can avoid many of the issues of credential theft, as there is no password to be hacked

• Biometric information used for passwordless authentication is difficult to manipulate

• End-users are not required to remember many different passwords; instead, they need only their alternative passwordless authentication method

What are some Passwordless Authentication best practices?

General principles on getting your passwordless authentication on the right path:

• Adopt an integrated Identity and Access Management platform to manage authentication from all types of end-users and endpoints

• Educate your end-users about the advantages of passwordless authentication and collaborate with them so you can resolve any potential resistance

• Have adaptive authentication in place to present additional challenges to end-users who deviate from their usual patterns, especially when logging in, for example from a different device, at a different time, or from a different location

• Think about multiple authentication techniques and combine them based on the systems and the sensitivity of the data your end-users are accessing

• Combine a device-managed PIN with a device-generated cryptographic OTP, known only to the end-users

• Have in place a secondary secure channel for authentication that is separate from the primary communication channel, to safeguard against phishing attacks

Finally, by 2025, Gartner predicts more than 50% of the workforce and more than 20% of customer authentication will be passwordless – up from only 10% today.


CISO vs the Ransomware & Malware; Insights into the Challenging Battle

With the rise of technology, every company must adapt to the growing changes. The Security Officer should stay vigilant about the latest trends and technologies, or risk being left behind, and ensure that the business remains successful.

As a CISO, I have witnessed the evolving landscape of cyber threats, particularly malware and ransomware attacks. Despite the best efforts of IT teams and the business, implementing a successful strategy against these attacks can be a challenging task. One of the most significant challenges that organizations face is keeping up with the constantly evolving tactics used by attackers to penetrate their defenses. The challenge is not only in detecting and stopping malware and ransomware attacks but also in responding to them quickly and effectively.

From a people perspective, one of the main challenges is creating a culture of cybersecurity awareness and responsibility within the organization. The most advanced security technology is powerless without well-trained and security-conscious employees. Therefore, it is essential to invest in regular training and awareness programs to educate employees on the latest threats and best practices. Employees must be aware of their role in preventing cyber threats and the potential consequences of not following security protocols.

Another challenge is in the process, where organizations often struggle to develop and implement effective incident response plans. The response plan should include clear procedures and protocols for detecting, investigating, and responding to incidents. A critical element of this is testing the plan regularly to ensure it is up-to-date and effective. Also, there should be clear communication channels in place between IT teams, management, and stakeholders to ensure a coordinated response.

Budget constraints and limitations are other challenges faced by organizations. It is no secret that cybersecurity technology and expertise can be costly. CISOs must be able to justify the need for investments in cybersecurity and demonstrate the return on investment. The challenge is in finding the right balance between investing in security technologies and keeping the budget under control.

Finally, maturity and lack of awareness among people can be significant challenges in implementing an effective strategy against malware and ransomware attacks. Organizations must understand that cybersecurity is not a one-time project but a continuous process that requires ongoing investment in people, processes, and technology. The CISO must work closely with the business to create a cybersecurity culture that prioritizes the importance of security and demonstrates the value of investing in cybersecurity. This will require ongoing efforts to raise awareness and maturity levels across the organization.

In conclusion, malware and ransomware attacks are significant challenges faced by organizations today. CISOs must be aware of the challenges presented by people, processes, and technology, budget constraints and limitations, as well as the challenges of maturity and lack of awareness. By investing in the right security technologies, implementing effective processes and procedures, creating a culture of cybersecurity awareness, and working closely with the business, organizations can mitigate the risk of cyber threats and protect their assets.


GISEC 2023 fulfilled the UAE’s objectives of digital transformation

The 11th edition of GISEC Global 2023 organized by Dubai World Trade Center and hosted by the UAE Cybersecurity Council was held on 14th, 15th and 16th March 2023 with a record of 500-plus cybersecurity brands, 300 leading InfoSec and cybersecurity speakers, and 1,000 of the world’s top ethical hackers to discuss their viewpoints in the global security market.

The event took place with the Dubai Electronic Security Center (DESC) as the Official Government Cybersecurity Partner, and the Ministry of Interior, the Telecommunications and Digital Government Regulatory Authority (TDRA), and Dubai Police as Official Supporters.

GISEC Global 2023 was hosted with the theme ‘Connecting minds, boosting cyber resilience,’ which fulfilled the UAE’s objectives on digital transformation in data management, cybersecurity, government services, and governance.

HE Dr Mohamed Al-Kuwaiti, Head of Cybersecurity, UAE Government, highlighted GISEC as the ideal cybersecurity platform and partner with vendors and government entities in the region. He also pointed out that GISEC is one of the most important events, not only for the government but also for the companies that are helping to achieve that resiliency, at a time when sectors like healthcare, education, oil and gas, electricity, water, transportation, and aviation are going through digital transformation. Addressing the CISOs in his keynote speech, HE Dr Mohamed Al-Kuwaiti emphasized the importance of partnerships and collaborations based on the values of trust and clarity to achieve the goal of building better cyber resilience.

HE Dr Mohamed Al-Kuwaiti was presented with the Cybersecurity Excellence Awards’ Global Leadership Award at GISEC Global’s Mainstage, for his impactful mission to develop cyber talent, spread cyber awareness and cyberculture, and place the UAE at the forefront of international cyber resilience.

The event drew CISOs from major corporations across the Middle East, Africa & Asia. Government dignitaries and cyber leaders, some major cybersecurity enterprises from 40 countries, innovators and global experts joined together to discover innovative and effective strategies. More than 35,000 visitors from 100-plus countries attended the three-day event.

The Middle East’s effective and influential cybersecurity event is a confluence for the global cybersecurity community. The event united cybersecurity experts and the industry’s leading brands in the three days of conference sessions, keynotes, product launches, partner seminars, interactive sessions, briefings, and more. The speakers shared their views across six halls and nine stages – Main Stage, Government Stage, The Global Cybersecurity Congress, Critical Infrastructure Dome, Dark Stage, Nation Stage, Cyber Stars, Xlabs, INSPIRE, Hack360, and the Academy.

The top ethical hackers and infosec leaders like Bruce Schneier (Cybersecurity Guru and one of the world’s most recognizable voices on cybersecurity), Kevin Mitnick (World’s most famous hacker, Global selling author and top cybersecurity keynote speaker), Jamie Woodruff (The man who hacked Kim Kardashian, discovered vulnerabilities in Facebook, Google and other well-known online apps), Bryan Seely (The only hacker to wiretap the US Secret Service & the FBI, uncovered over 20 million Social Security Numbers and featured on the front pages of Wired, CNET, Forbes, Washington Post & CNNMoney), Matthias Schranner (Former FBI trained hostage negotiator, undercover drugs enforcement agent & author), Sudhakar Ramakrishna (President and CEO, SolarWinds) joined the impactful event and made it a big success by sharing their perspectives.

GISEC Global 2023 was a hub for major global technology leaders like Huawei, Microsoft, Cisco, Honeywell, and du, who came with their innovative cybersecurity solutions. Also present were infosec companies like Spire Solutions, CPX, CrowdStrike, Mandiant, Pentera, Pvotal, Port53, Cloudflare, Edgio, Secureworks, Synack, Threatlocker, Votiro, Spidersilk, and Waterfall.

GISEC Global 2023 initiated UnLock, the GISEC Cyber Stars Pitch Competition, in which around 100 cybersecurity start-ups revealed innovative solutions focused on the future of cybersecurity while connecting with investors, mentors, prospects, IT security and corporate buyers, government officials and influential disruptors. UnLock comprised three categories: Best Global Startup, Best Regional Start-up, and, for academia, the Most Innovative Idea.

Other highlights of the event include World Cyber Championship, Bug Bounty, Women in Cybersecurity, CISO Circle and Secret Briefings. GISEC invited companies to be part of the largest bug bounty challenge in which the organizations can interact and identify the threats in collaboration with global bug bounty hunters, white hat hackers, InfoSec professionals and members of the InfoSec communities.

Women in Cybersecurity was another highlight of the event, a speaking session featuring influential women leaders like Elisabeth Beiter (Chief Administrative Officer, Pvotal Technologies, USA), Clar Rosso (CEO, (ISC)², US), Celia Mantshiyane (Chief Information Security Officer, MTN (Mobile Telephone Network), South Africa), Nia Zumot (Cybersecurity Specialist, Microsoft, UAE), Neha Yadav (Global Head of Information Security Assurance & CISO, RAIN, UAE), Shamma Bin Hammad (Founder and CEO, CyberHero, UAE) and more.

In the CISO Circle, the top CISOs shared their viewpoints on cybersecurity challenges and emphasized a resilient and safer cyber future. The session was addressed by HE Dr Mohamed Al-Kuwaiti.

GISEC Global is the platform that brought the stakeholders together in a unified and bold approach to cybersecurity. GISEC 2024 is set to take place on 23rd, 24th and 25th April at Dubai World Trade Centre, and the ground is ready for the cybersecurity community worldwide.


SEC _ RITY IS NOT COMPLETE WITHOUT U!

The GCC Security Symposium is back for its 7th year, and it’s bigger than ever!

The Qatar edition was successfully held on May 11, 2023. Dusit Doha witnessed an overwhelming response as more than 120 CISOs, BCM heads, Risk and Resilience officers, and technology heads gathered for an unforgettable event. The Symposium will visit two more GCC countries, the UAE and Saudi Arabia, gathering 400+ leading security decision-makers. When it comes to cyber security, we all have a role to play: attackers are increasingly circumventing technical controls and targeting account holders who inadvertently ‘open the door’ to attackers.

Aside from the overarching theme of ‘Sec_rity is not complete without U,’ the symposium will take a closer look at how leaders in BCM and Risk management are assisting companies in developing a strong business case for business continuity and crisis risk management. The conference will also bring together top leaders in crisis management, disaster recovery, cybersecurity, and business resilience.

The symposium provides an excellent opportunity to gain exceptional knowledge on how an agile BCM plan will increase your organization’s flexibility and agility. The event will include a powerful lineup of keynotes, presentations, workshops, and panel discussions, as well as an exhibition of top providers in the business continuity and resilience industry.

CISO Awards

The Cyber Sentinels CISO Awards will honor the hard taskmasters of security in digital enterprises for their unwavering dedication to their organization’s security infrastructure. The award honors the top CISOs who use technology to secure critical business information assets, reduce risk, and deliver business value. The award ceremony serves as a platform for them to showcase their accomplishments and share their expertise and knowledge.

Future Security Leaders Awards

As the threat landscape becomes more vulnerable by the day, there is no end to innovation and no limit to improvement in enterprise security solutions. The Cyber Sentinels Security Awards 2023 honor security vendors, VADs, System Integrators, and Resellers who have gone above and beyond in innovating their solutions and services for customers, redefining the term “value” in security offerings.

Business Continuity Management and Risk Champions Award

The BCM and Risk Champions Award recognizes individuals or teams who have demonstrated exceptional skills and contributions in promoting and implementing BCM and risk management within their organization. The award seeks to raise awareness about the importance of risk management and BCM, as well as to recognize those who have made significant contributions in their field.

BCM is a proactive strategy for ensuring that critical business functions continue both during and after a disruption. It assists organizations in identifying potential risks and developing risk-mitigation strategies. Risk management entails identifying, assessing, and prioritizing risks, as well as developing strategies to effectively manage them.

Individuals or teams who have demonstrated leadership, innovation, and a commitment to promoting BCM and risk management within their organizations, resulting in improved resilience, preparedness, and successful recovery from disruptions, are recognized with the BCM and Risk Champions Award.

The Grand Finale

The Middle East Annual CISO Conclave, hosted by Global CISO Forum, will bring together the top CISOs and Security Heads from the Middle East, Asia, Africa, and Europe to celebrate, engage, and socialize with partners and peers from September 20-22, 2023, in Baku, Azerbaijan.

The three-day Conclave is designed for industry leaders to network, share innovation, and source the latest products as we navigate a new era in security technology. This annual meeting in Baku is a strong step towards the Global CISO Forum’s vision of providing a year-round platform for the security community to connect with end users, consultants, and technology buyers through multiple digital channels.


GEC Media Group concludes 9th edition of Future IT Summit 2023

GEC Media Group on Thursday concluded the 9th edition of Future IT Summit 2023 which was embellished by the attendance of over 200 IT decision-makers and some amazing panelists and keynote speakers.

The Future IT Summit is one of the most prestigious events in the technology industry, bringing together experts, thought leaders, and decision-makers from around the world to share their insights and experiences. This year’s edition was bigger and better than ever before, with a lineup of distinguished speakers, engaging panel discussions, and exciting networking opportunities. The Future IT Summit’s theme this year was Cloud and Automation Towards a Sustainable Business and Economy, and everyone gathered to discuss the latest trends, challenges, and opportunities in the field of cloud computing and automation.

In modern business, cloud and automation, both digital and business, stand among the strongest contenders in helping businesses reach their ESG goals. As organizations adopt more and more automation tools and cloud-based platforms, we are moving inches closer to further reducing the carbon footprint.

The 9th edition of the Future IT Summit was an eye-opener as to how the technology pioneers are realizing this vision and bringing on board some practical use cases to spearhead the charts and make further inroads for other solutions to fortify an organization’s infrastructure.

Farid Najjar, Area Distribution Lead – EEMI, NetApp.

Charbel Zreiby, Director, Data Center Channel, Dell Technologies, MERAT.

Sriram Ganeshan, Associate Director, Solution Consulting, Kissflow.

Manas Sarkar, Technical Director, Trend Micro.

Murthy Sadasivan, Solution Architect, Securenet FZC.

The award winners were felicitated with The Cyber Sentinels Badge of Honor, Catalyst Awards and TOP 10 Happy IT Companies to work for Awards. The Badge of Honor felicitates the honorable CIOs who have made it to the Cyber Sentinels magazine in the year 2022-2023. The Badge of Honor being presented to these CIOs is a recognition of their contributions to Cyber Sentinels.

The Catalyst Awards are presented to companies who have excelled in marketing. The industry’s most coveted title and favorite awards ceremony is all set to recognize and honor the trailblazers in the industry who have been uplifting the brand and reputation of their respective organizations in these difficult times with various cutting-edge initiatives, platforms and market-penetration, truly acting as ‘CATALYSTS’ in the ever-changing market landscape. Also, the Top 10 IT Companies which are happy places to work in are awarded and appreciated for their culture and ethos. “The Top Ten Best IT Companies to Work for in 2023” is a one-of-its-kind recognition in the region for the IT fraternity that celebrates the ‘Exuberance’ of the people working in an organization. This special recognition felicitates and recognizes both fast-growing & established companies in UAE that offer tremendous career advancement opportunities together with leading-edge employee perks and benefits and, most importantly, valuable employee engagement.

The ceremony was kickstarted with a welcome note by Ronak Samantaray, Co-Founder & CEO, GEC Media Group, followed by an editor’s note by Sonal Chhibber, Editor-in-Chief, GEC Media Group.

SEC_RITY IS NOT COMPLETE WITHOUT U!

11th May, 2023: Dusit Doha, Qatar

18th May, 2023: KSA

25th May, 2023: Address Dubai Mall
