7 Tips for Security and Compliance from ISC2 Security Congress

At the ISC2 Security Congress 2024 in Las Vegas, cyber experts worldwide gathered during Cybersecurity Awareness Month to exchange insights on industry challenges and recommend best practices.

Ralph Villanueva, an IT security and compliance analyst at Hilton Grand Vacations, shared advice drawn from the book “7 Habits of Highly Effective People,” reshaping it into seven habits tailored to the daily work of security and compliance professionals.

Effective strategies for IT security and compliance professionals

The habits Villanueva highlighted:

  1. Understanding the enterprise’s mission, vision, and objectives so that everyone works toward a common goal.
  2. Continuously studying the internal and external IT environments and the risks the enterprise faces.
  3. Getting to know the key stakeholders within the enterprise to ease communication and resource allocation.
  4. Recognizing personal strengths and weaknesses, and knowing when to ask for help.
  5. Communicating compliance requirements clearly to non-technical colleagues to build understanding and cooperation.
  6. Anticipating pushback and challenges when enforcing security policies and data regulations.
  7. Maintaining a proactive and optimistic attitude to drive positive change within the organization.

Common obstacles faced by security and compliance professionals

Villanueva suggested these habits can help professionals overcome common hurdles, such as the compartmentalized nature of businesses, where security is often seen as IT’s responsibility alone. Departments may also disagree about how much friction security measures should add to business processes.

Because patching is often fragmented across teams, some companies struggle to keep servers, endpoints, and databases properly maintained.

Related: SentinelOne CISO Alex Stamos cited advanced threat actors as a prominent concern in today’s cybersecurity landscape at ISC2 Security Congress.

The lack of cybersecurity prioritization by board members and executives was also identified as a significant challenge.

Relying too heavily on technology carries its own risks, as shown by incidents such as the CrowdStrike outage and lawyers facing penalties for relying on ChatGPT.

Implementing the 7 habits in corporate environments

Villanueva stressed the importance of focusing on overarching goals rather than daily obstacles. He reiterated the fundamental “three-legged stool” concept of people, process, and technology.

He recommended holding more frequent meetings to align disparate groups and making use of board engagement, which may in future require AI experts on boards. Although the SEC considered requiring public companies to have a cybersecurity expert on the board in 2022, the initiative was withdrawn by 2023.

Lastly, Villanueva highlighted the importance of monitoring third-party risk, citing an incident in which threat actors broke into a gaming establishment through a third-party vendor that managed a fish tank, compromising sensitive data.

Disclosure: My attendance at the ISC2 Security Congress event on Oct. 13 – 16 in Las Vegas was sponsored by ISC2, covering airfare, accommodations, and some meals.
