Learning from the pandemic

What advice do you have for fellow infosec leaders on what you’ve learned?

“Keep it simple and straightforward. I’d much rather people did a handful of things well than many things not well enough.”

Ben Aung, global CISO at Sage, shares the advice he would give to fellow cyber security professionals with Sooraj Shah.

Ben Aung was a speaker at the very popular R3 cyber security conference, which ran from 15 to 24 September 2020. If you missed it, then it’s not too late: you can still watch on demand.

Video transcript:

Would you give any advice to your Infosec leaders around anything that you’ve learned?

I mean certainly, I mean we found that, yeah, keeping it simple and straightforward, I’d much rather people in Sage did a handful of things really well than many, many more things not well enough. So to being very discriminate about what we ask, so appreciate everyone’s under some pressure. Everyone’s having to adapt to different ways of working, configure their lives in a different way, work in a different way, and we don’t want to add unnecessary burden in terms of security. So it’s much more important they do a few things really well for us.

And that’s been really important. So keep it very, very simple. Don’t overload people.

And I think, as well, rely on people’s good judgement and instinct. So where we can equip people to make the right decision 80% of the time just by giving them a few key pointers or so high level pointers. And that’s much more effective than I think us trying to accommodate or preempt any scenario that they might come across in their day-to-day. So that’s definitely worked very well for us.

And then I think, finally, because colleagues, and I’m sure this is true in many other companies, having to work in a different way, perhaps with different IT tools, inevitably people are going to make mistakes, aren’t going to follow the processes as they were intended because they are new processes. So you want to be very forgiving and have a blame-free culture around those sorts of issues.

Also, if we see repeated issues around people doing the wrong thing, it could be how they send information, for example, then to have a really good think about whether or not our tools are good enough, rather than whether or not the people are following a process. Is there something that we could do as a business to make life easier for people to be, to give them something a bit more intuitive, a bit more simple to use? And if so, then let’s do that rather than expect everyone to learn a completely new way, a new way of working under pressure.

Copyright Lyonsdown Limited 2021
