The Mind of the CSO

April 1, 2017

I have been given the opportunity to be a member of a few security executive forums. These are trusted communities. It is understood that some information cannot be shared or, if shared, not attributed. I am honored and humbled to be a part of these leadership associations.

When you walk away from such meetings, you realize the world is very complex and not one of us in the room have all the answers. I also remind myself that although the world can be a frightening place, there is hope when people of integrity, vision and faith work together to make it safer for generations to come.

From these groups, I attempt to take the learnings and apply them to our clients, our employees and, ultimately to the strategic direction of my company. I know others are doing the same.

Here are some of the paths of knowledge I am taking because of these meetings to see a little farther down the road.

We must be a trusted advisor. But now trust is more than a relationship; it is a responsibility to build the competencies needed to construct a highly resilient and valuable risk mitigation program for our clients. This will include the security of security technology itself and the sustainable practices to keep it secure.
We are not only protecting devices or the network. Those are entry points. We are protecting the information assets (data) that keep our clients operational. This is a much different mindset, and a strategic one.
Identity is critical. We must begin to move to more authentications in all of our critical areas.
Remain conscious that every CEO’s priority and obligation is to be valuable and competitive. And their suppliers’ CEOs feel the same. Our job is to help them navigate between opportunity and risk.
One of the greatest risks is the insider risk. Not necessarily from malicious intent. But from poor training, lack of core processes, and poor technology selection and maintenance.
We are in the information management business. Our clients need intelligence: global risk intelligence, employee risk intelligence and business process intelligence. We need to find a way to give them the tools to create a “data” plan and manage, report and sustain it over time.
We must be mindful of what risks are survivable and what events are not. Our CEOs don’t care about a thief; they care about the X-event that will drastically alter their path to value.
We must prepare for a new model of communication that is drastically altering the fundamentals of our culture, economy and business. IoT is the acronym of opportunity and for disruption. We are moving rapidly to machine to machine communication which will change the way we identity and analyze risk, and respond to it. A truly brave new world.

I say to my people, the only thing we should fear is our inability to embrace and leverage change. That is our most important cultural asset. Then we can navigate the risks and opportunities that are here and now and in our future.

Phil Aronson is the second generation owner of Aronson Security Group (ASG) a provider of risk, resilience and security solutions within the emerging Security Risk Management Services (SRMS) industry. Aronson is heavily invested in a legacy of value for the industry by hosting an executive leadership forum called The Great Conversation, by participating in the International Security Management Association (ISMA) and by leading his company to the next generation of security services.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.