It is well known that cyber attacks have increased exponentially over the past few years. Despite abiding by industry best-practices and adopting cutting-edge technologies, many private organizations and government agencies still fail to protect themselves against a breach. In an interview with Government CIO Outlook Magazine, Paul Jones, CIO of West Palm Beach, FL, shares his experience of the evolving security world. Honing his skills in all aspects of physical and cybersecurity over the last 40 years, Jones has helped many government agencies to protect their infrastructure. Through this interview, we learn the correlation of IT and security, alongside the strategies one can adopt to defend themselves against attacks or breaches.
1) In light of your experience, how is the evolving security sectorimpacting businesses across the globe?
In the past 40 years, the cybersecurity landscape has been significantly overhauled. Despite its continuous evolution, we have been able to perform stably. Subsequently, we have gained a better understanding of technology and understand how things work. In fact, we are constantly improving security standards by developing new processes, procedures, and frameworks. With that being said, we still need to learn new things to manage tasks more efficiently, gain better insights on security, and increase business productivity.
2) Where do organizations fall short on security, and how can it be fixed?
One of the biggest misconceptions about security is that many companies perceive it only as an IT issue. Developing a sound security infrastructure is about having proper protection for technical infrastructure and effective administrative procedures that include policy processes and security awareness training. Apart from these, having a good compliance entity is also essential. If you don’t include these three elements in your security program, then you will definitely be missing the breadth of what is going to happen in the security landscape.
“The unreliable “bubble of trust” that people have developed around themselves has to be popped, and they need to be more cautious about their safety and security”
In my experience, I’ve noticed that the most significant challenge is to understand an organization’s security needs and requirements as every business is different, and its demands solely rely on the nature of its work. To survive in the security industry, there are certain must-haves! First, it is imperative to understand the top-down leadership approach. In a world where our information is liable to security threats, businesses must be protected from all threats including ransomware attacks. So, some basic preventive measures can be taken, such as keeping backups segmented and educating more people about their role in protecting againstcybersecurity threats.
3) Could you highlight some of the initiatives that you have taken to educate people on security?
We are developing an all-encompassing security awareness program for the entire city. Our training sessions are curated, keeping in mind that people do not have a wholesome knowledge of security. So, we focus on basic security activities like defining individual responsibilities and accountability, implementing access controls, and measuring compliance. This is how we are preparing organizations and their people to learn effective security measures. The outdated“ bubble of trust” that people have developed around themselves has to be popped, and they need to be more cautious about their safety and security when using technology.I think we can fill in these security loopholes by providing extensive security training to people and educating them about security issues. The biggest mistake we make is thinking users should alreadyknow about security issues in this new technological landscape. Following a practical approach aspired from our daily life and keeping things real will ensure that people and technology can work in synergy, doing the needful.
4) What are your thoughts on the future of the security landscape?
Security as an industry is constantly changing. I think password protection alone will soon be a thing of the past. With the ever-evolving threat landscape, we need more robust solutions to protect ourselves. The emergence of AI and machine learning in major areas of the security landscapewill help in making a predictive analysis of basic business operations and security. Predictive analysis and behavioral-based situations can help you predict the weaknesses of your security systems and act accordingly. But I think as all these technologies are coming to protect us in basic business operations, it will be really valuable in protecting us from the threat prone platforms in the future.
5) What has been your secret for professional success?
My secret to success is realizing that it’s not about technology, but about people! Owing to the fact that technology should be user-centric, we create security programs and software that are easily operable, and anyone without prior knowledge of technology can use them. We make a difference by fulfilling the security demands of our clients and garner excellent results by ensuring positive working environments. I think the need is to focus more on people, and if we do that well, we will grow technically and build robust solutions.
6)What would you advice CIOs, CISOs, and young professionals in the security industry?
We need to focus on collaboratingwith other organizations and fellow CIOs more often. Also, it gives a comprehensive understanding of why and what is being done to improve security operations. Bridging the gap between the different departments in an organization is the key! For young people who are entering the security industry, having sound knowledge of technology and understanding its relationship with business is essential. At the end of the day, despite facing some security issues like malware infection, data breaches, and code injection, I honestly feel we are doing better than before.