GitHub recently hired Mike Hanley as its first-ever Chief Security Officer to lead security efforts at the company. Being one of the largest open-source communities globally, GitHub hosts millions of developers’ research work and projects. Thus, security is core to the company’s mission.
Hanley has built a reputation for making security easy and effective and has led the Duo Security program. In the past, GitHub has invested in areas such as password authentication and eliminating third-party tracking cookies on the website. Hanley will work on strengthening GitHub’s approach to developer-first security.
In a recent blog post, Hanley addressed the importance of having critical capabilities in security. He said, “As a security practitioner, this is also an exciting transition for me as much of the security community, and many of my favourite security projects live on GitHub, like CloudMapper, stethoscope, GoPhish, and osquery. I couldn’t be more excited to help secure the platform that’s made these influential projects possible and expanded their reach in incredible ways.”
Why Hire A Chief Security Officer?
The number of cyberattacks rose drastically in the aftermath of COVID-19. Reports suggest cybercrime costs the world $11.4 million each minute in 2021.
With virtual workplaces and remote working gaining popularity, businesses must brace for threats such as data breaches, denial of service, insecure APIs, and hijacking, among others. Moreover, the growing focus on the cloud is spurring cybercrime like never before. While most cloud service providers have built-in security services for data protection, regulatory compliance, and privacy, more companies need to adopt a robust risk management framework to fend off cyberattacks.
In addition, companies working on artificial intelligence and machine learning may face AI and ML-based threats such as the poisoning of training data sets, model corruption, and more. Further, ML relying on cloud-based datasets can compromise data security.
So, why exactly do companies need Chief Security Officers or Chief Information Security Officers?
Many companies have been hiring chief security officers in the last few years. Naukri has approximately 4,500 job listings for CISOs. However, there still aren’t skilled professionals to fill these roles, which require specialised and extensive knowledge in the domain.
Taking A Lead
Companies today are spending millions of dollars to protect their data. Just like the role of a data scientist — unheard of a few years ago — the role of CSO is also rapidly evolving. Directly responsible for an organisation’s entire security function, CSOs play a key role in creating trust and confidence in organisations. Apart from technical skills, CSOs are expected to be intuitive, articulate and have a knack for identifying potential attacks. A CSO works closely with different teams to develop a multifaceted security framework that can adapt to rapidly changing compliance requirements and neuter cyberattacks.
The CSOs are also responsible for building borderless security. With remote working in force, most of the meetings happen on public networks or from untrusted devices. Borderless security will ensure data safety as businesses continue to run in a location-agnostic fashion.
Creating a culture of cybersecurity is another crucial area. CSOs should encourage employees to comply with the organisation’s cybersecurity policies. Building a mindset that prioritises cybersecurity is essential while creating awareness.
In a nutshell, some of the roles and responsibilities of CSOs are:
- Leading operational risk management activities
- Developing and implementing security policy, standards, guidelines and procedures
- Overseeing a network of security directors and vendors
- Working with other executives to prioritise security initiatives
- Overseeing incident response planning as well as the investigation of security breaches, and assisting with disciplinary and legal matters associated with such breaches as necessary
- Being technically adept at fighting the potential attacks
While hiring CSOs is a start, there is no one-size-fits-all approach to cybersecurity. That said, planning budgets, developing technical strategy, training staff, and upskilling employees are key steps CSOs should take to create an effective security strategy.