Africa CISO Summit: Dissecting The CISO’s Dilemma
In this digital age, security is becoming more critical as the attack surface widens. This is mostly because new technologies keep arriving and companies are onboarding them to stay ahead of the curve and remain competitive.
With security becoming more crucial, companies are now taking the role of the Chief Information Security Officer (CISO) more seriously. However, with the CISO being a crucial part of the technology C-suite, where does that leave the other members (the CIO, the CTO, the CDO, etc.)?
At the Africa CISO Summit, there was a panel discussion that delved into the dilemma of the modern-day CISO. Moderated by Michelle Kuria, the Regional Marketing Manager at ESET Africa, the topic was dissected by Daniel Adaramola, CISO, SunTrust Bank Nigeria; Aprielle Oichoe, Senior Advisor Africa, Center for Strategic Cyberspace and International Studies; William Makatiani, Founder and CEO, Serianu Limited; and Shalom Onyibe, CISO, UBA Kenya.
Given how crucial the CISO is in this age of digital transformation, how does the CISO blend in with C-suite members who are always thinking from a business perspective? That is the dilemma of the CISO.
According to the panellists, the big dilemma is how to put a business perspective in security. The dilemma is how to quantify the value of the spend a CISO is asking for from the company.
Aprielle gave an interesting view where she said that all businesses are profit ventures and the executive team is always looking to do projects that bring more money to the company. It is difficult for the CISO to give a clear value on how the company will gain from a security project.
However, to the advantage of the CISO, security is as crucial as the value of the entire company because it only takes one breach to bring the entire organization down. Aprielle said that the company needs to talk about how they can be prepared for a breach and not look at it as a hypothesis.
“When talking about security, most organizations talk of ‘in the event of’ – just a probability. We need to prepare and know how to respond to a breach and not just have a hypothesis of this,” Aprielle noted.
On the other hand, Shalom Onyibe talked about how the culture of any company can help solve the CISO dilemma. Shalom noted that once every member of the executive team knows what is at stake when the organization gets attacked.
“When the entire team thinks about security in any project that is brought to the table, it is easier to marry cyber security and business innovation. I think this is something that can be sorted by the culture of the said company,” Shalom noted, adding that ‘Culture can eat strategy for breakfast’.
“As a CISO, it gives you confidence when your fellow C-suite members are also looking at the security aspect of any project that might be brought to the table,” Shalom further noted.