Q&A: Protiviti's Sameer Ansari on CISOs' Growing Challenges

We spoke with Sameer Ansari, a veteran of cybersecurity who has led cyber strategies at major firms like PwC and Deloitte.
Managing Director - Global Cybersecurity and Privacy Lead at Protiviti, Sameer Ansari discusses his views on the growing challenges CISOs now face.

The cybersecurity sector is fast-paced and rapidly evolving, and the introduction of AI has made it even more dynamic. AI can pose threats of unprecedented volume and sophistication that security leaders must be prepared to handle. A newly appointed Chief Information Security Officer (CISO) has little time to find their feet before having to address these challenges head-on.

So why are the first 100 days of a CISO's tenure so important? And how has the role itself changed over time? To provide insight, we spoke with Sameer Ansari, a veteran of cybersecurity who has led cyber strategies at major firms like PwC and Deloitte. Now just shy of a year into his role as Managing Director - Global Cybersecurity and Privacy Lead at global consulting firm Protiviti, Ansari shared his perspective.

Sameer Ansari
  • Managing Director - Global Cybersecurity and Privacy Lead at Protiviti
  • 20 years of privacy, data protection, cybersecurity and information technology experience.
  • Previous roles include Head of Data Governance and Privacy at Vanguard and Managing Director - Cyber Risk at Deloitte

Can you tell me a bit about yourself and your role at Protiviti?

I'm a Managing Director in Protiviti's Technology Consulting group based out of Philadelphia. I serve as the Global Cybersecurity and Privacy Lead for the firm, leading our team of Cybersecurity and Privacy professionals that work with our global clients to prepare for and solve cybersecurity and privacy issues.

How has the role of CISO changed over the years?

Initially, the CISO role was heavily focused on protection of an organisation's perimeter and network, along with the data and systems connected directly to the network. Today, the CISO's responsibilities have become increasingly complex based on the proliferation of devices and data across many networks, third parties and partners. As the CISO role continues to evolve, they must take a step further. In addition to understanding new technologies and the exponentially increasing threat landscape, the CISO must become a communicator and educator in order to inform executives, board members and employees of key threats and impacts to the business.

Why are the first 100 days of a CISO's tenure so critically important to setting up their role for success?

The first 100 days are critically important because they require a CISO to establish credibility and develop relationships with a multitude of stakeholders and partners within the organisation. They are also tasked with understanding the business operations, current state of cybersecurity capabilities, the threat landscape, and any existing vulnerabilities within the organisation's environment. Once the CISO understands the current state, they will quickly need to establish their plan and top priorities of things that need to be addressed, along with the necessary investments to operationalise those plans. A daunting aspect for new CISOs is they don't have great visibility into what they've inherited until they are immersed into the role. Quick action is required to get this understanding in order to help mitigate any existing or near-term threats.

How do you advise CISOs in an increasingly complex cyber environment?

We often talk to CISOs about prioritisation and understanding how their prioritisation of risks aligns to the overall business strategy. Understanding the threat landscape, as well as its ability to affect business operations and business risks, is where we spend a significant amount of time working with CISOs. This enables CISOs to make sure they are focusing on what is important to the business without getting distracted by a large volume of potential issues.

What do you see as one of the top priorities for CISOs this year?

As identified in Protiviti's Top Risks Survey, generative AI has been a popular topic of conversation across multiple industries, and I see this as being a big area of focus for CISOs. Generative AI can fuel more sophisticated attacks, and executives and boards are paying attention to this area through different angles. One angle is establishing appropriate governance and security around generative AI tools that are being created and used to drive the business strategy. The other is understanding how bad actors are using these tools to create complex attacks on organisations and leveraging vulnerabilities at an alarming pace to outsmart defences. CISOs need to start thinking about how they can leverage generative AI to aid in identifying attacks and establishing more effective automated mitigation capabilities.


Cyber Magazine is a BizClik brand
