Both CISOs started off by commenting on the drivers of cybersecurity in today's global context where cybercrime has emerged as the world's third largest economy, trailing only the United States and China, and where, in the current geopolitical climate, digital safety and physical safety are more and more inextricably linked. 

"With AI emerging and changing the threat landscape even further, the role of the CISO is rapidly evolving," said Dimitri van Zantvliet.

However, the tension between the priorities of enabling business objectives through technology and maintaining a robust security posture can be challenging when it comes to the collaboration between CISOs and CIOs.

"A 'healthy conflict' can be a catalyst for collaboration between the CIO and CISO. When the status quo is challenged in a positive manner it can provide beneficial outcomes for the business as well as providing appropriate data for the Board when presenting security issues," said Harvey Ewing. He also explored the idea of creating a functional partnership between the cybersecurity and software development teams and offered examples based on his personal experience. 

Important parts of the discussion touched on issues related to legislation and how the need to be compliant has a serious impact on the organization's business imperatives. Van Zantvliet explored the ethical aspects of security and compliance, and Ewing spoke of CISOs being increasingly involved in business proposals provided by the organization. 

It was also noted that in today's threat environment, the CISO's work is never complete. "As a CISO you're playing an infinite game!" noted van Zantvliet. However, as long as there's growth and learning, being a CISO can be an extraordinary multi-layered journey. Van Zantvliet also emphasized the need for experience: "Don't step into this role too soon." 

Coming back to the topic of the evolution of the CISO role, Ewing noted that the dynamics between the CISO and other C-suite roles has changed: "Being a successful CISO nowadays means getting out of the typical CISO shell; you can go from being a CISO to being a CIO or a CTO - you can go wherever you want to go."

It goes hand in hand with his observation that "the CISO is no longer just a necessary evil - companies need them and they're becoming more and more aware of it." This, however, doesn't mean that the CISO's work is done - it's crucial that they always hone their messaging around cybersecurity issues and adapt the information with the business imperatives in mind.

The two speakers also answered insightful questions from the audience. For example, they were asked to elaborate on ways in which they’ve worked to create a security awareness culture in their organizations, especially in the context of increased attempts to breach the security of private individuals via various platforms and newly launched digital tools. They also answered questions about the dynamics within the IT organization and the EU’s cyber resilience act.