In his article, Security Report columnist Rangel Rodrigues, detaches the importance of the CISO have the conviction of being capable to manage major crises and calls the attention for professionals to never lose their hacker soul.
The recent conflicts between Russia and Ukraine have awaken organizations for the massive attacks, both from the Russian and occidental sides. Groups such as Anonymous have liberally united against Russian Government, attacking essential services as TV, radio, energy, among others. While the World walks towards an unknown scenario or apocalyptic era, It is time for security professionals to manage well their positioning in the organizations.
Fear and dread concerning to this geopolitical war, consequently, has created in parallelly a cyber-war. North American Government itself, together with CISA, has advised american organizations to close monitor their technological environments. Since the finacial institutions work for the sake of conformity with regulation and eventually face difficulties in their way to certification, whereas software companies strengthen with more robustness the compliance process in cybersecurity, been on-premises or cloud for approval in front of the costumers, ensuring their data will be safe during the product use.
On the other hand, specialized schools and educational institutions offer plenty of specialized courses, nevertheless, the lack of cybersecurity professionals keeps high upt to the Everest summit. There is no doubt tha cybersecurity has became the most limelighted area in this pre-apocalyptic era.
I am a teacher for a cybersecurity course where I share the good practices and experiences I have lived through the last 20 years. I have seen cycles change in this technological metamorphosis and my perception is that the way to resist, is keeping a hacker soul. There are hackers all over the World, in the classrooms, in Software Engineering and Network Engineering, or even that businessman who reads and follows some feeds about threat trends. But, in the core, he has his roots.
I think we are living confusing times. There are so many security solutions, an avalanche of requirements for data protection on the privacy perspective, compliance and cloud solutions, automatization and orchestration on cloud. So many papers, guides and certifications that, if we don't have a North, we might get confused and lost on the vision and mission designed for us as infosec professionals.
Recently, Gartner announced that some CISO functions will migrate to IT, and, indeed, it's visible that the management on cloud changes, compared to the tradtional environment. Literally, the infosec professionals' challenge is knowing how to manage the transition in this change, being the way of managing OPEX and CAPEX on cloud, the identities management to avoid blast radius, or the way we apply the policies on cloud and application of patches on images. It is evident that are many the complex environment, on-premisses legacies and I see that, perhaps, this has been the biggest challenge.
For example, the velocity for publishing an altered code in production via Infra-as-Code (IaC) CI/CD pipelines changes realatively with datacenter traditional environment. Nevertheless, I have noticed that the time has come for a better attention with the atualization aspects and profession capacitatio, understanding the organization business model and how this outcome will achieve the business. For understanding it, first of all, we must be sure we are capable to manage in front of chaos.
We must be a key part to ensure our partners on IT and business organization can accomplish their activities and safely support the projects to a new safe way, not exposing the organization to unnecessary risks. That said, I believe that, in 2022 we must be able to expand our roles and responsabilities before this battle and transition we are living.
I believe the success of the security professionals requires consistency on the deliver of results for the goals performance, conformity with the standards, measuring and creating a positive impact on the costumers and business. Also, depending on the role, we must demonstrate an expected leadership behavior with the best security practices to achieve the success of the organization.
May this article works as a reflection on which way cybersecurity is taking on a moment of crisis, to overcome the challenges or to show major resilience and articulation in this moment of strong winds versus digital transformation.
This article was published at Security Report portal.
*Rangel Rodrigues (csocyber) is an Information Security Advisor, CISSP, CCSK, and postgraduate on Internet Networks and Information Security by FIAP and IBTA. Has MBA on IT management by FIA-USP and is a cybersecurity teacher at FIA. Nowadays, is a Senior Security Engineer for a finacial company in the USA.
The recent conflicts between Russia and Ukraine have awaken organizations for the massive attacks, both from the Russian and occidental sides. Groups such as Anonymous have liberally united against Russian Government, attacking essential services as TV, radio, energy, among others. While the World walks towards an unknown scenario or apocalyptic era, It is time for security professionals to manage well their positioning in the organizations.
Fear and dread concerning to this geopolitical war, consequently, has created in parallelly a cyber-war. North American Government itself, together with CISA, has advised american organizations to close monitor their technological environments. Since the finacial institutions work for the sake of conformity with regulation and eventually face difficulties in their way to certification, whereas software companies strengthen with more robustness the compliance process in cybersecurity, been on-premises or cloud for approval in front of the costumers, ensuring their data will be safe during the product use.
On the other hand, specialized schools and educational institutions offer plenty of specialized courses, nevertheless, the lack of cybersecurity professionals keeps high upt to the Everest summit. There is no doubt tha cybersecurity has became the most limelighted area in this pre-apocalyptic era.
I am a teacher for a cybersecurity course where I share the good practices and experiences I have lived through the last 20 years. I have seen cycles change in this technological metamorphosis and my perception is that the way to resist, is keeping a hacker soul. There are hackers all over the World, in the classrooms, in Software Engineering and Network Engineering, or even that businessman who reads and follows some feeds about threat trends. But, in the core, he has his roots.
I think we are living confusing times. There are so many security solutions, an avalanche of requirements for data protection on the privacy perspective, compliance and cloud solutions, automatization and orchestration on cloud. So many papers, guides and certifications that, if we don't have a North, we might get confused and lost on the vision and mission designed for us as infosec professionals.
Recently, Gartner announced that some CISO functions will migrate to IT, and, indeed, it's visible that the management on cloud changes, compared to the tradtional environment. Literally, the infosec professionals' challenge is knowing how to manage the transition in this change, being the way of managing OPEX and CAPEX on cloud, the identities management to avoid blast radius, or the way we apply the policies on cloud and application of patches on images. It is evident that are many the complex environment, on-premisses legacies and I see that, perhaps, this has been the biggest challenge.
For example, the velocity for publishing an altered code in production via Infra-as-Code (IaC) CI/CD pipelines changes realatively with datacenter traditional environment. Nevertheless, I have noticed that the time has come for a better attention with the atualization aspects and profession capacitatio, understanding the organization business model and how this outcome will achieve the business. For understanding it, first of all, we must be sure we are capable to manage in front of chaos.
We must be a key part to ensure our partners on IT and business organization can accomplish their activities and safely support the projects to a new safe way, not exposing the organization to unnecessary risks. That said, I believe that, in 2022 we must be able to expand our roles and responsabilities before this battle and transition we are living.
I believe the success of the security professionals requires consistency on the deliver of results for the goals performance, conformity with the standards, measuring and creating a positive impact on the costumers and business. Also, depending on the role, we must demonstrate an expected leadership behavior with the best security practices to achieve the success of the organization.
May this article works as a reflection on which way cybersecurity is taking on a moment of crisis, to overcome the challenges or to show major resilience and articulation in this moment of strong winds versus digital transformation.
This article was published at Security Report portal.
*Rangel Rodrigues (csocyber) is an Information Security Advisor, CISSP, CCSK, and postgraduate on Internet Networks and Information Security by FIAP and IBTA. Has MBA on IT management by FIA-USP and is a cybersecurity teacher at FIA. Nowadays, is a Senior Security Engineer for a finacial company in the USA.
Comentários
Postar um comentário