“The CISO now needs to understand business problems, to be able to talk to the board and investors, be PR savvy and understand how to market security and the team.”
Matt, we've been discussing some of the main trends that we think security teams should be considering right now. Are there specific areas you’re focusing on?
I think budgets are top of the list for everyone at the moment. For many in security, their budgets are under pressure for the first time, although this doesn’t necessarily mean that they are being reduced. What it does mean for CISOs is that there is more scrutiny now, and an expectation to justify security spending to the board. For example, you might be needing to justify to your CFO how many pentests you’re doing a year and how that relates to the overall business strategy. Historically, this wouldn’t have been something that was challenged. In my experience, mature companies have separate security and IT budgets, and recognise that security isn’t an area where you should be making cuts.
We haven’t seen security subject to the same headcount pressures as the rest of technology. Instead, we’re fighting for talent, and for CISOs, keeping your team happy and retaining talent is an ongoing issue. I saw a recent statistic that said there are over 3 million open roles in security worldwide, so finding and retaining talent will be a top priority for 2023 and beyond.
I saw that James mentioned AI and new technologies in one of your top trends videos earlier this year, and I think that’s an interesting one. We’re currently outsourcing things like SOC, SIEM and Incident Response services, but I think AI will revolutionise this over the next 5 years and allow us to be more proactive in identifying problems and addressing them ourselves quickly in-house, without the need for a significantly larger team.