Resistance is futile: CISOs talk about embracing change

During a recent panel discussion at the Information Systems Security Association (ISSA) conference in Anaheim, Calif., leading CISOs agreed big changes are afoot in their organizations -- and resistance is futile.

Among other things, they expressed concern with the tight IT security job market and how millennials are forcing a major cultural shift in the enterprise.

CISOs also said they face significant budget pressure, and no sector is immune. "If you are in the healthcare industry you are in the midst of serious economic change," said Eric Cowperthwaite, chief security officer at Providence Health & Services, who spoke at the Embracing Change panel, moderated by Bob Bragdon, publisher, CSO Magazine. Panelists also included Jack Jones, former senior VP and CISO, Huntington Bank; Tammy Moskites, VP and CISO at Time Warner Cable; and Robert Pittman, CISO at County of Los Angeles.

For instance, while it was once widely assumed that the healthcare industry was immune to economic downturns, the recent recession has proven such notions untrue, Cowperthwaite explained. "It turns out that long term unemployment impacts healthcare. That's driving us to think about how to provide care when we have to provide a lot more care for people who don't have means to pay for it."

The financial industry is also feeling the squeeze. "Financial institutions have had their profit margins squeezed so thinly it affects everything we do, including access to resources," said Jones. "The threat landscape and the number of external regulations also squeeze resources so that we have to do more with less."

When asked about security spending and trends in cloud computing and BYOD, most of the panelists agreed that the shift to cloud services and mobile devices is here to stay.

"The new generations, they were born into computers," said Pittman. "They've always known mobile computing, the iPhone and now the iPad," he said, making it clear that it's unlikely that this upcoming workforce is ready to tolerate antiquated technology to do their work.

"Everyone wants their own device," said Moskites, stressing that this is not always a reasonable expectation. "Personally, I have my own device; I also use a corporate device. I keep my worlds separate. But the millennium generation doesn't see it that way," she said. Moskites relayed a story of a new hire to her team who had come into her office and wanted to know where his new MacBook Pro and iPhone were. "'I need a Mac and an iPhone,' he said. I told him this doesn't always happen in real life. He was visibly shaken," she said.

"To Millennials the core value is social value," said Pittman. "It's wrapped in social media and the social network. These individuals 31 years old and younger are driving BYOD, and all of this social interaction is influencing the technology we use, big data, regulation, and even privacy," he said.

The changes the younger IT workforce is bringing to organizations are only part of the challenge. Another is the difficulty most panelists described in finding security personnel they viewed as qualified. "I have more positions that will be open [soon], and I will have a difficult time finding qualified people for those jobs," Moskites said.

When it came to cloud computing, Jones succinctly summed up the opinions of the panel on its enterprise impact: "That train, cloud computing, has left the station. We can be on it, or under it, or in front of it. This stuff [cloud] is going to happen."

George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.
