Business & Technology

CISO Customer Panel - Accelerate 2017

By Bill McGee | January 27, 2017

I recently wrote about the general sessions held on the first day of Accelerate. There was so much great information presented that I couldn’t do justice to it in the general overview I posted of the morning’s events. So I wanted to take a few minutes and provide some deeper information around one of the best sessions of the day – the customer panel.

Reading through the comments posted on our internal Accelerate app, many attendees not only felt this was one of the best sessions of the day, but in the words of one attendee, “this was one of the better customer panel discussions I’ve experienced.”

This session was moderated by Jonathan Nguyen-Duy, Fortinet’s VP of Strategic Programs, and featured Colin Anderson, the CISO and VP of Information Technology at Levi Strauss & Co., a global clothing manufacturer and retail chain, and Peter Keenan, the CISO at Lazard, a premiere financial services firm.

Here are some of the more noteworthy quotes from this lively and interesting panel discussion:

Peter Keenan: If you are solving problems at human speed you are at a huge disadvantage, because your attackers are operating at machine speed.

Colin Anderson: Companies need to align their security investments to their business goals. They need to understand how their security investments can drive and expand business and help them move into new markets, rather than just provide profit protection.

Peter Keenan: A question that our board asks is, “what are our peers doing?” When it comes to liability, if you are below, or even equal to the bar set by your peers in the industry, and something happens, you are in trouble. To raise the bar you need metrics to understand what sort of attacks you are seeing so you can effectively match security to risk.

Peter Keenan: Organizations need to make sure they are on the cloud train, and not in front of it. But cloud doesn’t work for everything, so you need security that can span across the organization.

Colin Anderson: Our company’s overriding goal from a technical perspective is to bring the mobility and online experience to the retail experience.

Peter Keenan: Phishing and ransomware had serious impacts last year. The truth is, phishing works. This may not be politically correct, but the dumbest guy in your organization probably has an email address, and no matter what you send to him, he’s going to click on it. And he’s going to keep clicking on it no matter how many warnings he gets.

At the end, panelists were asked to sum up their feelings about security. Here are their thoughts:

Colin Anderson: Security is a business issue, so security leaders also need to be business leaders. Security is not just about the technology. It needs to be discussed in business terms, and understood how it can help the organization grow the business as well as address the problems they are trying to solve.

Peter Keenan: Security is all about trust. In financial services we sell trust. It’s our most valuable asset. So when you are communicating with the board and executive staff about security, you have to communicate and inspire that feeling of trust. They need to understand that the security being implemented will increase the level of trust across the entire infrastructure to not only protect assets but also enable profitability.

Read more about this year's Accelerate on our blog.