Q&A: Protiviti's Sameer Ansari on CISOs' Growing Challenges

Managing Director - Global Cybersecurity and Privacy Lead at Protiviti, Sameer Ansari discusses his views on the growing challenges CISOs now face

The cybersecurity sector is fast-paced and rapidly evolving, and the introduction of AI has made it even more dynamic. AI can drive an unprecedented volume and sophistication of threats that security leaders must be prepared to handle. A newly appointed Chief Information Security Officer (CISO) has little time to find their feet in the role before needing to address these challenges head-on.

So why are the first 100 days of a CISO's tenure so important? And how has the role itself changed over time? To provide insight, we spoke with Sameer Ansari, a veteran of cybersecurity who has led cyber strategies at major firms like PwC and Deloitte. Now just shy of a year into his role as Managing Director - Global Cybersecurity and Privacy Lead at global consulting firm Protiviti, Ansari shared his perspective.

Sameer Ansari
  • Managing Director - Global Cybersecurity and Privacy Lead at Protiviti
  • 20 years of privacy, data protection, cybersecurity and information technology experience
  • Previous roles include Head of Data Governance and Privacy at Vanguard and Managing Director - Cyber Risk at Deloitte

Can you tell me a bit about yourself and your role at Protiviti?

I'm a Managing Director in Protiviti's Technology Consulting group based out of Philadelphia. I serve as the Global Cybersecurity and Privacy Lead for the firm, leading our team of Cybersecurity and Privacy professionals that work with our global clients to prepare for and solve cybersecurity and privacy issues.

How has the role of CISO changed over the years?

Initially, the CISO role was heavily focused on protection of an organisation's perimeter and network, along with the data and systems connected directly to the network. Today, the CISO's responsibilities have become increasingly complex based on the proliferation of devices and data across many networks, third parties and partners. As the CISO role continues to evolve, they must take a step further. In addition to understanding new technologies and the exponentially increasing threat landscape, the CISO must become a communicator and educator in order to inform executives, board members and employees of key threats and impacts to the business.

Why are the first 100 days of a CISO's tenure so critically important to setting up their role for success?

The first 100 days are critically important because they require a CISO to establish credibility and develop relationships with a multitude of stakeholders and partners within the organisation. They are also tasked with understanding the business operations, current state of cybersecurity capabilities, the threat landscape, and any existing vulnerabilities within the organisation's environment. Once the CISO understands the current state, they will quickly need to establish their plan and top priorities of things that need to be addressed, along with the necessary investments to operationalise those plans. A daunting aspect for new CISOs is that they don't have great visibility into what they've inherited until they are immersed in the role. Quick action is required to get this understanding in order to help mitigate any existing or near-term threats.

How do you advise CISOs in an increasingly complex cyber environment?

We often talk to CISOs about prioritisation and understanding how their prioritisation of risks aligns to the overall business strategy. Understanding the threat landscape, as well as its ability to affect business operations and business risks, is where we spend a significant amount of time working with CISOs. This enables CISOs to make sure they are focusing on what is important to the business without getting distracted by a large volume of potential issues.

What do you see as one of the top priorities for CISOs this year?

As identified in Protiviti's Top Risks Survey, generative AI has been a popular topic of conversation across multiple industries, and I see this as being a big area of focus for CISOs. Generative AI can fuel more sophisticated attacks, and executives and boards are paying attention to this area through different angles. One angle is establishing appropriate governance and security around generative AI tools that are being created and used to drive the business strategy. The other is understanding how bad actors are using these tools to create complex attacks on organisations and leveraging vulnerabilities at an alarming pace to outsmart defences. CISOs need to start thinking about how they can leverage generative AI to aid in identifying attacks and establishing more effective automated mitigation capabilities.


Cyber Magazine is a BizClik brand
