Sustainable Success Stories: Digital Practice Webinar Series - The CISO

"The CISO is no longer just a necessary evil!"

Last week, Amrop's Global Digital Practice quarterly online event explored the theme of "The evolution of the CISO role: CISO as a business enabler." We spoke with Harvey Ewing, CISO turned CIO, who is now again a CISO at Radial Inc., and with Dimitri van Zantvliet, CIO turned CISO, now the CISO at Dutch Railways (Nederlandse Spoorwegen).

The session was facilitated by Job Voorhoeve, leader of Amrop's Global Digital Practice, and Jamey Cummings, Cybersecurity Partner at JM Search.

Session Summary

Both CISOs started off by commenting on the drivers of cybersecurity in today's global context, where cybercrime has emerged as the world's third-largest economy, trailing only the United States and China, and where, in the current geopolitical climate, digital safety and physical safety are more and more inextricably linked.

"With AI emerging and changing the threat landscape even further, the role of the CISO is rapidly evolving," said Dimitri van Zantvliet.

However, the tension between the priorities of enabling business objectives through technology and maintaining a robust security posture can be challenging when it comes to the collaboration between CISOs and CIOs.

"A 'healthy conflict' can be a catalyst for collaboration between the CIO and CISO. When the status quo is challenged in a positive manner it can provide beneficial outcomes for the business as well as providing appropriate data for the Board when presenting security issues," said Harvey Ewing. He also explored the idea of creating a functional partnership between the cybersecurity and software development teams and offered examples based on his personal experience. 

Important parts of the discussion touched on issues related to legislation and how the need to be compliant has a serious impact on the organization's business imperatives. Van Zantvliet explored the ethical aspects of security and compliance, and Ewing spoke of CISOs being increasingly involved in business proposals provided by the organization. 

It was also noted that in today's threat environment, the CISO's work is never complete. "As a CISO you're playing an infinite game!" noted van Zantvliet. However, as long as there's growth and learning, being a CISO can be an extraordinary multi-layered journey. Van Zantvliet also emphasized the need for experience: "Don't step into this role too soon." 

Coming back to the topic of the evolution of the CISO role, Ewing noted that the dynamics between the CISO and other C-suite roles have changed: "Being a successful CISO nowadays means getting out of the typical CISO shell; you can go from being a CISO to being a CIO or a CTO - you can go wherever you want to go."

It goes hand in hand with his observation that "the CISO is no longer just a necessary evil - companies need them and they're becoming more and more aware of it." This, however, doesn't mean that the CISO's work is done - it's crucial that they always hone their messaging around cybersecurity issues and adapt the information with the business imperatives in mind.

The two speakers also answered insightful questions from the audience. For example, they were asked to elaborate on ways in which they've worked to create a security awareness culture in their organizations, especially in the context of increased attempts to breach the security of private individuals via various platforms and newly launched digital tools. They also answered questions about the dynamics within the IT organization and the EU's Cyber Resilience Act.

To find out more, email us or contact the Amrop Digital Practice member in your country.

For more insights on the topic of CIOs & CISOs managing tensions and working together, which we explored together with our global search partner JM Search, follow the link to our recent study Digitization on Boards 6.