Nisha Rani, CISO at Emirates Leisure Retail, tells us how she cultivates leadership within her cybersecurity team and navigates the challenges facing cybersecurity leaders.
How do you cultivate leadership within your cybersecurity team and foster a culture of continuous learning and innovation in cybersecurity practices?
To cultivate leadership and promote a culture of continuous learning and innovation in my team, my focus is always on the following areas:
- Lead by example: Demonstrate commitment to learning. Every year I endeavour to learn something new, whether it might be doing some industry certification, enrolling in a course or learning a new skill. For example, to improve my technical skills in cybersecurity I completed an Advanced Executive Program in Cybersecurity.
- Training programs: I make sure that we implement regular training sessions and workshops for everyone to learn more about cybersecurity.
- Encourage collaboration: Collaboration is very important in cybersecurity, be it implementing a new security control, advising others on cybersecurity control, or getting your team’s support to perform the assigned task.
- Recognise efforts: I always make sure that I recognise others’ efforts; it makes them feel valued, and they will always support you in your future endeavours.
- Stay informed: I like my team to be informed about the latest cybersecurity trends.
- Feedback and improvement: I have implemented quarterly feedback sessions with my team members to discuss not only their performance but also improvement areas.
What are the key challenges in maintaining a balance between day-to-day cybersecurity operations and the pursuit of innovative security projects, and how do you navigate these challenges within your team?
Balancing day-to-day cybersecurity operations with innovative security projects presents several challenges, including resource allocation, prioritisation and risk management, etc. By strategically addressing these challenges, cybersecurity teams can balance daily operations and innovative projects, ensuring effective security practices aligned with organisational goals.
Some of the challenges include:
- Limited resources: We always have a lot of tasks on our hands but limited resources, so we should ensure that we prioritise initiatives, allocate dedicated resources and provide necessary support.
- Prioritisation: Prioritisation is an important aspect of balancing urgent needs with strategic projects. We should regularly reassess our priorities and adjust based on evolving threats and business needs.
- Risk management: We are very likely to come across various risks after initiating the projects. The best way to deal with them is by conducting thorough risk assessments and responding quickly to emerging risks.
- Integration with existing systems: It might be possible that the new system or control we are trying to implement is difficult to implement with the existing infrastructure. We can deal with this issue by developing a roadmap, considering compatibility and conducting pilot projects before full-scale deployment.
- Communication and stakeholder alignment: Communication is key to the success of any project. We should ensure that we update stakeholders regularly on the progress.
- Time constraints: We always find ourselves so busy with day-to-day tasks that it becomes difficult to initiate some new POC or project that we have been planning to do for a long time. To manage this, I always block my calendar to have my focus time where I can work on other projects but can still balance routine tasks efficiently.
How do you foster a collaborative environment within your cybersecurity team, especially when integrating new security technologies or methodologies?
To foster collaboration within a cybersecurity team during the integration of new technologies or methodologies, the following has to be considered:
- Identify stakeholders: Before starting any project, identify all the interested stakeholders to consider their requirements and to get their feedback.
- Clear communication: It is important to establish clear communication within the team and provide regular project updates to all the stakeholders.
- Promote a collaborative mindset: It is important to delegate the task to the right team member and encourage collaboration between various teams.
- Feedback sessions: Feedback and brainstorming sessions are important not only with the stakeholders but within the team also.
- Reward and recognition: We must recognise the team’s achievement and motivate team members by reinforcing the value of teamwork.
- Active participation: I might be busy with various other tasks, but I make sure that I speak to the team on any blockers or support they require through periodic catch-ups.
What do you believe are the biggest challenges and opportunities for cybersecurity leaders in the evolving digital landscape?
Biggest challenges for cybersecurity leaders include:
- Increasingly sophisticated cyberthreats
- Shortage of skilled cybersecurity professionals
- Keeping pace with rapidly evolving technologies and their associated security risks
- Rapid technological changes
- Navigating complex and evolving data privacy regulations
Biggest opportunities for cybersecurity leaders include:
- Innovative technologies like AI and machine learning for enhanced threat detection and response
- Leveraging cloud security with enhanced scalability, flexibility and centralised security controls
- Collaboration opportunities in cybersecurity communities
- Investing in continuous training and education programs
How can the scarcity of cybersecurity professionals be addressed?
As a CISO operating in an environment where cybersecurity talent is scarce, it’s crucial to adopt a multifaceted approach to address this challenge effectively. Here are several strategies that can help mitigate the scarcity of cybersecurity professionals:
- Collaborate with industry partners: Partner with other organisations, industry associations and government agencies to share resources, best practices and talent pools. Collaboration can help pool resources and expertise to address common cybersecurity challenges.
- Outsource certain functions: Consider outsourcing certain cybersecurity functions to third-party vendors or managed security service providers (MSSPs) to supplement internal capabilities. This can be particularly useful for tasks that require specialised expertise or are resource-intensive.
- Invest in training and development: Prioritise investing in continuous training and development programs for existing staff to upskill them in cybersecurity. This could involve certifications, workshops and ongoing education to keep their skills relevant and up-to-date.
- Create clear career paths: Establish clear career paths within the organisation for cybersecurity professionals. Provide opportunities for growth and advancement, which can help attract and retain talent in the long term.
- Leverage technology: Implement automation to enhance the capabilities of existing cybersecurity teams. This can help alleviate some of the workload and enable cybersecurity professionals to focus on more strategic tasks.
- Offer competitive compensation and benefits: Ensure that cybersecurity professionals are offered competitive compensation packages and benefits to attract top talent. Conduct regular market assessments to stay updated on industry standards and adjust compensation accordingly.
- Retain talent through engagement: Focus on employee engagement and retention efforts to ensure that existing cybersecurity professionals are motivated and satisfied in their roles. This can include providing opportunities for professional growth, recognition programs and a supportive work environment.
- Encourage diversity and inclusion: Foster a culture of diversity and inclusion within the cybersecurity workforce. I feel that diverse teams are more innovative and effective at solving complex problems, which is crucial in the ever-evolving landscape of cybersecurity.
By implementing these strategies, organisations can better navigate the scarcity of cybersecurity professionals and build a resilient workforce capable of effectively addressing the evolving threat landscape.
What strategies can be employed to encourage more women to join the cybersecurity field?
Encouraging more women to join the cybersecurity field is not just about diversity and inclusion; it’s about tapping into a vast pool of untapped talent to address the growing challenges of cybersecurity. Here are several strategies that can be employed from a woman CISO’s perspective to attract and retain more women in cybersecurity:
- Promote female role models: Showcase successful female cybersecurity professionals as role models through various platforms, speaking engagements and leadership opportunities. Highlighting their achievements can inspire other women to pursue careers in cybersecurity.
- Offer targeted training and development programs: Training and development programs tailored to the needs of women in cybersecurity can be implemented. This could include workshops on leadership skills, technical skills development, and networking opportunities tailored to women’s interests and career goals.
- Partner with educational institutions: Collaborate with universities, colleges and high schools to promote cybersecurity education among women. Offer scholarships, internships and outreach programs to encourage more women to pursue degrees and careers in cybersecurity.
- Challenge stereotypes and bias: Address unconscious biases and stereotypes that may deter women from entering the cybersecurity field. Provide education and awareness training to combat stereotypes and promote a culture of inclusivity and respect.
- Create support networks: Establish support networks and affinity groups for women in cybersecurity within organisations and industry associations. These networks can provide mentorship, networking opportunities and a sense of community for women in the field.
- Offer leadership opportunities: Create pathways for women to advance into leadership roles within cybersecurity organisations. Encourage women to pursue leadership development programs, mentorship opportunities and executive coaching to prepare them for leadership positions.
- Celebrate diversity and inclusion: Recognise and celebrate the contributions of women in cybersecurity through awards, recognition programs and internal communications. Highlighting their achievements can inspire other women to pursue careers in the field.
- Advocate for gender equality: Advocate for policies and initiatives that promote gender equality and diversity in the cybersecurity field. Support initiatives that aim to close the gender gap in STEM education, address workplace inequalities and promote women’s leadership in technology.