Copyright © 2017, Oracle and/or its affiliates. All rights reserved. A CISO for a Digital World ISSA CISO Virtual Mentoring Session Gail Coury VP, Risk Management Oracle Managed Cloud Services March 2017


Post on 13-Mar-2020



Gail Coury, VP, Risk Management, Oracle Managed Cloud Services

• Gail has over twenty years of experience in information security infrastructure systems and network management, security technical consulting, information systems auditing, and programming. Industries include software and hardware technology, airline reservation systems, insurance, banking, and retail.

• Gail leads the risk management function for Oracle’s Managed Cloud Services. This includes Security Strategy, Security Solutions, Operational Compliance, Customer Security Services, Regulatory Compliance, and Delivery Assurance. She is the former CISO for PeopleSoft and former CISO for J.D. Edwards.

• Gail received her bachelor’s degree in Management Science and Computer Science from Clarke University. She is an alumnus of the Stanford Executive Program of the Graduate School of Business at Stanford University.

• Gail is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and a Certified Information Security Manager (CISM).


What Do CEOs Care About?

NEW CUSTOMER EXPECTATIONS

GROWTH NON-TRADITIONAL MARKET

NEW BUSINESS / OP MODELS


What is the View from the CIO?

ON PREM (NO INNOVATION)

BUSINESS AGILITY

CROSS ENTERPRISE COLLABORATION

CapEx / OpEx SAVINGS


Source: “The Nine Elements of Digital Transformation”, MIT Sloan Management Review, 2014

DIGITAL OPPORTUNITIES SPAN EVERY FUNCTION

Customer Insight

Digitized Processes

Customer Interactions

Workforce Productivity

Revenue Growth

Business Insight


Battle for the Customer Interface

• Uber: The world’s largest taxi company, owns no vehicles.

• Facebook: The world’s most popular media owner, creates no content.

• Alibaba: The most valuable retailer, has no inventory.

• Airbnb: The world’s largest accommodation provider, owns no real estate.

Source: Tom Goodwin, Battle for the Customer Interface


What’s Changed

[Timeline figure: 1980s, 1990s, 2000s, 2010s, What’s Next. Labels: Empowered Customers; Digital is Humanized; Knowledge Everywhere; Internet of Things; Mobile as Primary Channel; Cross-Channel Service]


Impact on the CISO Role

• Business can be the “disruptor” or be “disrupted”

• CISO cannot be the roadblock to success – or perhaps even survivability

• CISO must be aligned with the business strategy

• CISO must become a trusted advisor to the business

• CISO must enable the business to succeed

• CISO’s team must adapt to the new technologies – learn about them, use them and determine the best way to secure them

• CISO’s team must stop saying “no” and instead say “yes, and here’s how”


Security exists only to help the business be successful.


Characteristics of Successful CISO

• Focus on business results

– Be seen as a partner to the business

– Establish yourself as the “go to person” for all things related to information risk – an expert in information security, compliance and privacy

• Get people on-board through influencing

– Help the business to understand the risks in their terms

– Help technology leaders understand the risks in their terms

– Transform your team – challenge tradition

• Use data-driven decision making

– Gather the data that is available and decide direction

– Business is moving quickly and CISO must also

• Have organizational awareness

– Understand the key players and what their objectives are

– Know where they are spending their resources and determine how to provide support while advancing your objectives


CISO helps the business make expert security decisions


Methods to Transform your Team

• Encourage more “consultative” approach

– Reward being part of the solution rather than just pointing out the problem

– Listen to customer feedback to know how the team is perceived

• Adopt newer technologies

– Embrace the technologies of the business to understand the benefits but also the risks

– Get creative with ways to address security concerns – don’t be left behind

– Use “blank white board” thinking

• Review business results regularly

– Develop an understanding of how security and risk management drive value

– Market security’s ability to enable business success

• Align objectives with business strategy

– Provide a “line of sight” of the team’s work to business performance

– Be adaptive - change will continue with increased velocity


Stay Relevant

Know your stuff – your credibility as a leader is dependent on this

Stay current with changing technologies

Understand your business and where it is headed


Evolve security into a competitive advantage for your business
