My profession gives me the chance to meet and have deep discussions with CISOs. Having been in the profession long enough to have CISOs in my list of personal friends, I get to know both sides of the coin, professional and personal.
The job of a CISO is demanding and challenging. Change is the only constant in a CISO’s day. Most CISOs say that there is no fixed pattern to their day. They can plan some part of the day, but the plan needs to be modified to attend to the urgent and important issues that arise from the dynamic nature of cyber security.
The day starts with checking emails to make sure nothing has derailed in the last 4-5 hours. The next thing is visiting certain security news sites, blogs and websites to catch up on what is happening and on new vulnerabilities, attacks, and patches or updates.
On the way to the office, a 10-15 minute update call with the SOC manager to get the high-level updates.
8:30 AM – Check Security Dashboard – either a single view or two or three portals, to get answers to questions: What does the security posture look like? Is there any risk? Are there any threats? Is there any incident that needs immediate attention? Is there any security news that relates to my environment, so that we need to proactively start monitoring?
9:30 AM – It is audit time of the year. Actually, audits keep going throughout the year: an internal quality audit, an internal regulatory compliance audit or a mandatory external third-party audit. So meeting with the auditor is part of the day. Today it is a meeting with the external auditor.
10:00 AM – Meeting with change control board – Identifying and prioritizing the security risk associated with new changes in the application environment or IT infrastructure environment. Dynamic changes in the business environment trigger changes in application features and functionality, in the platforms from which applications can be accessed, or in the new partners that need to be integrated to access the organizational environment.
11:00 AM – Meeting with technology vendor – The attack vector is dynamic, hackers/attackers are 10 steps ahead of the cyber security defenses, and security budgets, the market and the variety of attack methods are growing every year, and so are the technology vendors. New products and enhancements to existing products are coming into the market. Getting to know these tools and technologies is one of the important tasks for CIOs.
12:30 PM – SOC daily status call. Connecting with the SOC team and understanding the status of incidents, compliance, updates and upgrades.
1 PM – Lunch with CIO, IT manager. This is not a formal meeting, just a way to create a bond and get to know what is happening. Many times the lunch gets skipped as the SOC meeting spills over to resolve the issues at hand.
1:30 PM – Meeting with the business team to discuss consolidation and migration of a few applications to the cloud.
2:30 PM – Checking e-mails, threat intelligence feeds and the security dashboard. Going through security news and blogs, just to know what is happening around the world. Assigning priorities to the inputs from threat intelligence.
3:00 PM – Preparing the report for the Risk Management meeting.
3:30 PM – Meeting with the Risk Management team. Update on latest threats and risks, discussion of recommendations.
4:30 PM – Meeting the CIO twice a week (ideally) and the CFO once or twice a month (ideally) to get the budget sanctioned for implementation of new tools to mitigate identified threats.
5:00 PM – Interviewing the down-selected candidate for the vacant security specialist level 3 position.
5:30 PM – Meeting with the SOC manager. Getting an update on the day’s work and providing inputs to progress the policy enforcement.
6:00 PM – If all is well, head home.
A CISO’s day can easily be derailed by an unexpected event, such as a hacking attempt, data breach, malware outbreak or application outage. When such an event occurs, the CISO will work with his security operations center (SOC) team to quickly figure out what’s going on, and which business processes are, or potentially will be, affected.
All of these activities certainly make for a hectic schedule, and CISOs are constantly racing against time. But no matter what the working day throws at them, the CISOs’ constant number-one priority is to keep the organization’s data secure against attacks and outages. And given the ever-growing attacks, change requests, audits and security events, CISOs need to think about how to utilize the latest technologies like AI and Machine Learning to automate the processes.