The Mind of the CSO

April 1, 2017

I have been given the opportunity to be a member of a few security executive forums. These are trusted communities. It is understood that some information cannot be shared or, if shared, not attributed. I am honored and humbled to be a part of these leadership associations.

When you walk away from such meetings, you realize the world is very complex and not one of us in the room have all the answers. I also remind myself that although the world can be a frightening place, there is hope when people of integrity, vision and faith work together to make it safer for generations to come.

From these groups, I attempt to take the learnings and apply them to our clients, our employees and, ultimately to the strategic direction of my company. I know others are doing the same.

Here are some of the paths of knowledge I am taking because of these meetings to see a little farther down the road.

We must be a trusted advisor. But now trust is more than a relationship; it is a responsibility to build the competencies needed to construct a highly resilient and valuable risk mitigation program for our clients. This will include the security of security technology itself and the sustainable practices to keep it secure.
We are not only protecting devices or the network. Those are entry points. We are protecting the information assets (data) that keep our clients operational. This is a much different mindset, and a strategic one.
Identity is critical. We must begin to move to more authentications in all of our critical areas.
Remain conscious that every CEO’s priority and obligation is to be valuable and competitive. And their suppliers’ CEOs feel the same. Our job is to help them navigate between opportunity and risk.
One of the greatest risks is the insider risk. Not necessarily from malicious intent. But from poor training, lack of core processes, and poor technology selection and maintenance.
We are in the information management business. Our clients need intelligence: global risk intelligence, employee risk intelligence and business process intelligence. We need to find a way to give them the tools to create a “data” plan and manage, report and sustain it over time.
We must be mindful of what risks are survivable and what events are not. Our CEOs don’t care about a thief; they care about the X-event that will drastically alter their path to value.
We must prepare for a new model of communication that is drastically altering the fundamentals of our culture, economy and business. IoT is the acronym of opportunity and for disruption. We are moving rapidly to machine to machine communication which will change the way we identity and analyze risk, and respond to it. A truly brave new world.

I say to my people, the only thing we should fear is our inability to embrace and leverage change. That is our most important cultural asset. Then we can navigate the risks and opportunities that are here and now and in our future.

Phil Aronson is the second generation owner of Aronson Security Group (ASG) a provider of risk, resilience and security solutions within the emerging Security Risk Management Services (SRMS) industry. Aronson is heavily invested in a legacy of value for the industry by hosting an executive leadership forum called The Great Conversation, by participating in the International Security Management Association (ISMA) and by leading his company to the next generation of security services.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

The Mind of the CSO

Recent Articles by Phil Aronson

Is Voice the Next Stage for your Enterprise Security Program?

The Best Technology Ever Created

Stranger in a Strange Land: Finding the New Normal of Security Culture

Greenfield Conversations with Security Leaders

Are You Giving Back to the Security Industry?

Security Magazine

2020 October

The Mind of the CSO

Recent Articles by Phil Aronson

Related Articles

Related Products

Report Abusive Comment