The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/765798
35 WWW.ILTANET.ORG R ESPE C T V S P O PU L A R I T Y C ONN EC TED TE A M S A L I GN M E N T O F V A L U ES P L A I N TA L K I N G BRA V E RY I ND EPE ND E N CE The best thing about a diverse team is the natural camaraderie and dissonance, which brings out the inner entrepreneur in everyone. Entrepreneurs are the best visionaries and change-makers. Preparing for the Future It would be naive to think the team will remain as it is. The security job market is becoming ludicrous, with twice as many jobs as there are candidates, and most only have half the qualifications or experience necessary to do the job effectively. We have begun to address this issue through an academy for young people (16- to 23-year-olds) to ensure a steady stream of professionals who understand both information AND cybersecurity. Values Any decent business head must have values, and both the business and team must buy in to those values. Defense Is the Best Offense Defending a high-risk business is not simple, and explaining the risks simply is even harder. Many security functions are focused on network protection (antivirus, firewalls, etc.) — basically, "stop the threat at the front door." That won't fly anymore. Threats are becoming so sophisticated that traditional protection is ineffective in isolation. There is also no such thing as total protection. Modern thinking is focused on artificial intelligence and a layered security model where multiple technologies reduce the chance of false positives, enabling the beer use of automated defense. That is where we are puing our time and effort. Finally, and l don't want to give away any secrets, but the key to security is how you explain it. Don't make it about "data protection" (yawn), but instead align benefits to other business priorities: efficiency, cost savings, head count, improved business relationships, a faster network and beer transparency. Whatever is important to the business is an angle you can use. P2P MARK WALMSLEY Mark Walmsley is the Chief Information Security Officer at Freshfields Bruckhaus Deringer LLP and was formerly a private investigator before joining Freshfields to work in their litigation and program management departments. Contact him at mark.walmsley@ freshfields.com. A Strong Team Builds Strong Security CASE STUDIES Security is not a popularity game. If you want that, consider a different career. Respect is more impor tant than making friends (although it's possible to do both). When there are tough calls, you need management to trust you, and that star ts with respect. Teams must be balanced. They must have the confidence to challenge and be challenged. Security must be aligned to existing business strategies. If you want buy-in, you have to demonstrate value beyond data protection. At Freshfields, it's about client service and working globally. You can't have a CISO repor t to the CIO or risk director — firm management or the board needs to be advised directly. The CISO should not be influenced by others' agendas. Security is not an exact science, so you have to experiment and be prepared to be different. To that end, your team must be empowered to be creative (and make mistakes). As the leader, you need to take educated risks. No one likes jargon, but speaking in plain English is not easy. europe.iltanet.org