S30 Ep3: David Weisong - Clean Energy: A CISO’s perspective on cyber security challenges
ISF Podcast - A podcast by Information Security Forum Podcast - Tuesdays
Categories:
In today’s episode, Steve speaks with David Weisong, CIO of Information Systems at Energy Solutions, a growing company with many US government clients. He speaks with Steve about his experiences overseeing a full migration of the company’s security framework, how he got buy-in for security from the C-suite, and how he has approached the challenge of staffing. Key Takeaways: 1. Organisations are advised to focus on protecting critical assets and closely monitoring any supply chain issues. 2. Security leaders and teams are also having to prepare policies for AI use and investigate cloud provider dependencies. 3. Security leaders and teams should be monitoring developments in quantum, staying in step with regulations and needed skills. Tune in to hear more about: 1. Security risks in technology innovation and adoption (1:29) 2. The impact of quantum computing on cybersecurity and the need for organisations to prioritise legacy technology updates (6:59) 3. Volatility, uncertainty, and technological change in the security industry (12:45) 4. How technology innovations can disrupt and improve organisations (18:22) 5. Managing innovation in a rapidly changing digital landscape (20:40) 6. Limitations of accessing powerful technologies due to restrictions, threats, and security concerns (26:12) 7. Emerging threats and risks in technology, including quantum computing, AI, and legacy systems (32:18) Standout Quotes: 1. “We're a professional services organisation, so our contracts are the foundation. And if they're not 100% met, then you actually don't proceed. So it became very easy to say, there's cause and effect here. And that's where that's taken a lot of … repeat exposure, I think, is one part of it, but also setting the stage that it's dynamic. It's not like, oh, yeah, we're done with that, so we can just kind of move on. It's like, we're done with this particular initiative right now. And there are more, and it will be changing probably, quarter to quarter.” - David Weisong 2. “There’s a lot of things that are being put onto platforms or systems that you sometimes get into the area where you might have a unique combination of things that creates problems. And so that's where I think the industry is looking at it still in a category basis. I think there's a need for a more holistic approach, dare I say, coordination or cooperation between companies and their solution offerings.” - David Weisong 3. “When I think about the three to five year window, I mean, there's clearly more fraud and more cybersecurity attacks. It is significant, and it's not decreasing. And so the ability for both organisations to share and for the industry that serving up different solutions, there has to be a coordination and a collaboration around that. Because the priority could change from year to year.” - David Weisong Mentioned in this episode: Times Higher Education: We need a social science of data by Cristina Alaimo and Jannis Kallinikos ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.