SecureWorld News

A 'Modern Cybersecurity Risk Program' and What It Looks Like Now

Written by SecureWorld News Team | Fri | Jul 20, 2018 | 2:40 PM Z

Demetrios Lazarikos (Laz) was a keynote speaker at SecureWorld Philadelphia, and I had a great opportunity to interview him about building and nurturing a modern cybersecurity risk program.

One conversation and I could tell he was drawing on deep InfoSec and leadership experience.

Laz was Chief Information Security Officer (CISO) at vArmour, Sears, and Silver Tail Systems. He also spent time as the VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and he is a former PCI QSA.

So what, exactly, does he mean by a "modern risk program"? Well, I asked him about that, and here are his insights:

  1. "A modern cybersecurity program must have Board and Executive level visibility, funding, and support. The modern cybersecurity program also includes reporting on multiple topics: understanding how threats impact revenues and the company brand, sales enablement, brand protection, IP protection, and understanding cyber risk," says Laz.
  2. "Additionally, how do I sift through the increase of cybersecurity tools that appear to be a 'silver bullet' while managing the day-to-day functions of my cybersecurity program?"

Laz believes there is great opportunity for InfoSec leaders right now.

Chances are increasing that you have the attention of your executive staff and the board. Now you must position your cybersecurity program for success and funding for 2018 and beyond. 

"The modern cybersecurity program will be as critical as reporting on sales revenues (or losses) in monthly and/or quarterly reporting to Executives, the Board of Directors, investors, and partners."

Sounds like a lot of opportunity along with a healthy dose of pressure, doesn't it?