Cybersecurity Leaders – Alberto (Deto) Hasson
His previous experience includes working as Head of Israeli National CERT at the National Cyber Directorate under the Prime Minister’s Office, as well as the Acting Director of the Department of Technology and Certification at the National Information Security Authority (NISA).
He holds a BSc degree in Chemical Engineering and an MA in Political Science & Public Administration.
What do you enjoy about the CISO role?
I enjoy the role because of its importance and its managerial and technological complexity. The role of CISO in a global industrial company with strategic importance is to lead the organization to creating a secure enterprise culture. That culture must:
- Secure the IT and OT operational environment
- Prepare the organization for the possibility of a cyber event, and, if necessary
- Manage the decision-making process of an Incident Response in a sound and professional manner in order to resume operations with minimum damage to the organization.
How important is it that the CEO supports information and cyber security?
The support of the CEO is vital. In your role as CISO you must protect the organization by communicating and engaging in an ongoing dialogue with senior executives of the organization. Ultimately, an organization with a high dependency on information systems and subject to a high threat level requires a cool-headed CISO that is capable of leading the organization to a high level of resilience and security.
What is your recommendation to Security Leaders?
My recommendation is to initiate work processes with top managers in various fields, in order to lead to a culture of high information security. The training body in every organization has many capabilities -and it is important for a CISO to know how to deploy those capabilities to create awareness and initiate activities.
A good example is from the world of car safety which provides layers of added protection to increase driving security. In the same way, a CISO adds new security systems, alerts and layers of security to existing information systems in order to enable their continued safe use. We must give special attention to establishing a culture of security awareness among certain user populations within an organization such as accounting, procurement and sales departments, as well as others with access to sensitive or critical information.
What do you believe will be your greatest challenge in the coming year?
My greatest challenge as a CISO of an innovative, IT-based industrial body is to enable and support innovation and even to initiate it, while maintaining a high level of security and creating a threat intelligence capability that precedes the actual preparation for threats.
How do you obtain information about new projects in the organization in order to ensure that information security is not omitted in that project?
The issue must be standardized through organizational processes that the CISO must initiate and create. The guiding principle is that you do not delay projects or prevent their execution. That means you need to provide a high level of service in such a way that you aren’t considered a burden but rather a protective shield.
Of course, information security must be supported by processes, procedures and communications with Operations. One should always assume that not everything will be brought to your attention, so mechanisms should be implemented to ensure that you obtain information from the field.
How do you fight the image that information security impairs business processes?
A change is definitely occurring due to the exposure of business executives to global information security events as well as growing media exposure. New regulations have also been implemented in the Privacy area, for example, so as a result of external processes and higher threat levels, it is much easier to convince Operations that the CISO’s role is to protect and maintain the organization and not delay business processes. The CISO’s primary initiatives vis-a-vis senior executives in the organization are creating an information security culture and paying attention to business needs and daily risk management.
The CISO, together with all employees and managers, works hard to maintain and protect the organization from from numerous cyber threats, especially during a cyber event. The support of management is important and appreciated. The CISO also needs many talents, among them:
- The ability to learn and improve his/her capabilities
- The ability to report to, provide advice and cooperate with management
- Staying current with new technologies
- Dynamic thinking
- Stress management capabilities
- High inter-personal skills
- Working as a team player
All of these functions make the CISO role interesting, challenging and complex. Building a good, diligent team around you is also crucial to ensuring your success.