Cybersecurity Leaders - Carlos Lyons, Vice President Global Chief Information Security and Compliance Officer @ CGS (Computer Generated Solutions)
Carlos Lyons, Vice President and Global Chief Information Security Officer at CGS, is responsible for the cybersecurity, compliance and technology privacy of CGS, a global leader with operations in multiple countries around the world, and of its full-time employees. For the past 18 years, Carlos has focused exclusively on cybersecurity, information security and risk management.
He has a proven track record in leading cross-functional personnel to achieve effective cybersecurity objectives, including architecture, operations, compliance, early risk identification and mitigation strategies throughout the enterprise.
Carlos is active in the information security industry, serving as an Advisory Board Member for the Cyber Security Programs at NYTC in New York, earning his Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control from ISACA, Certified Information Systems Security Professional (CISSP) from (ISC)2, Certified Chief Information Security Officer and Certified Ethical Hacker from EC-Council.
How important is it to have the CEO thinking that security matters?
It is important and we are fortunate at CGS to have top-down support from our CEO and members of our Executive Leadership Team for all of our cybersecurity and information security initiatives. Because the CEO is a true champion, he consistently makes cybersecurity a topic of discussion in his all-hands meetings, supports our efforts on deploying the appropriate cybersecurity platforms, encourages ongoing security awareness training and reinforces the need for all employees to report phishing emails. Without his buy-in and support it would be very difficult to communicate the importance of our policies and procedures to other members of our leadership team.
How can CISOs better understand a business’s needs?
Before CISOs can implement the right balance among people, process and technology, it’s important they understand the specific needs of each business unit, industry and customer base they are serving. More than just knowledge and familiarity with core IT functions, this requires developing a deep understanding of company-specific processes, workflows, policies and procedures. This allows security professionals to understand each business area, build baselines, conduct risk assessments and identify security gaps between current and future states to strengthen the business security posture and risk exposure.
Are there any common traits to what makes a successful security program?
Every organization faces its own set of challenges within its respective industry or sector. As such, adjustments to these externalities are needed to be successful in achieving the organization’s mission. Any security program that does not develop alongside the enterprise strategy will invariably address the wrong problems at the wrong time. It is critically important for a security leader to consistently be in tune with the business and functional leadership.
What are the biggest challenges you face in the year ahead?
Maintaining a solid overall security posture, keeping everyone in CGS engaged and addressing multiple, concurrent new threats and risks are obviously at the front of everyone’s mind. My most critical challenge is probably to ensure continuous improvement in developing our cybersecurity and risk culture. Making sure that we can drive the change from a mandate-centric to an engagement-focused security model is critical in ensuring the long-term success of the entire security program.
On a technical note, I am very concerned by the adverse cybersecurity impact of artificial intelligence (AI) and machine learning as a malicious delivery tool for actors. Cybersecurity practitioners must stay on top of this concern through aggressive process control check in and AI-informed risk-based decision making.
How can CISOs balance security and innovation?
With a strong focus on the CGS risk management program as a key driver of decision making, security and innovation are not contradictory. If the overall success of the organization depends on rapid innovation and expansion, the risk of implementing a control environment that is harmful is much more relevant than limited. Having a strong security culture helps put it as part of the ideation phases of development cycles. If the engagement of a strong security architect or systems engineer can be established early on, innovation projects can avoid critical cybersecurity issues.
How important is being able to communicate with your colleagues?
Peer discussions are among the most useful ways of staying on top of things! Security is a very complex topic and it is extremely hard to even stay up to date on current developments.
Every security professional has a specialty or unique experience, and it is paramount to the success of our security program to leverage this shared knowledge.
Beyond that, it is a lot more fun to work with people who share the same passion and sometimes even the same purpose.
Could you offer any advice on how CISOs and CIOs can work together effectively?
CISOs and CIOs must be equal peers and work together to meet their common objectives: keep the organization secured while delivering the required IT services. Proper, honest and transparent communication between the CISO and the CIO is key to having both sides aligned to ensure that effective, reliable, highly available and secure solutions are implemented. There must be a clear, defined segregation of duties to assure successful outcomes.
Closing statement
The developments in artificial intelligence, machine learning, data analytics and quantum computing have improved business productivity. Yet, these developments have also created new attack vectors to compromise known cybersecurity controls and challenge the efficacy of well-established security platforms. Our challenge, as cybersecurity practitioners, is continuing to meet the security challenges that are becoming more complex, invasive and impactful and finding the nimble and agile balance of availability, performance, integrity and security to move at the speed of business.