What is your advice to CISOs in the UAE?
Date: 26 March 2020
What is your advice to CISOs in the UAE?
Cyber Management Alliance recently concluded one of its most successful events in Dubai yet – the bi-annual Wisdom of Crowds event. Held at one of the most exclusive addresses in Dubai, the Gold/27th floor of the exquisite Burj Al Arab Jumeirah, the event saw participation from the highest number of cybersecurity practitioners so far at any WoC gathering in Dubai. It was a full house, bustling with participants from Dubai, Abu Dhabi and RAK government entities, attending alongside delegates from critical sectors including infrastructure, banking and finance, education, retail, healthcare, IT, insurance, automotive and others.
We, at Cyber Management Alliance, didn’t miss this grand opportunity to elicit opinions and insights from all the leading minds in the industry present at the event. One question, which obviously begged answering was simply – their advice to CISOs in the UAE. Here’s what the doyens of the industry had to say:
- Solayman Refae, Group CIO, Webcor, “Technology in the Middle East is always disconnected from the top management. You have to show that business continuity, which is related to risk management, sustainability and business growth, are all linked. This is most important – it’s not a technology; it’s about the business.”
- Mohammed Shahid Ahmed, Director of Information Technology, Hapag Llyod AG, “My advice to any CISO would be to first ensure that IT security is given its place by the top management. IT security has to be tied to company strategy to ensure that we have the right training and skills in the organisation, investment in technology, for example, in threat intelligence etc. It’s important to build awareness in the organisation about what impact IT security has on the business.”
- Manas Sarkar, DGM & Business Head, Managed Security Services, “My advice to CISOs in the UAE is primarily to plan based on the business. First, you have to understand where you are, then start engaging with an MSSP. I won’t recommend going in for a plan longer than 5 years as the technology will evolve and change by then. It’s also important to identify which part of security management can be given to MSSP and which part can be maintained in-house.”
- Jacob Mathew, Head of IT, Abu Dhabi Government, “What I would advise CISOs is what I do myself; that is continuously learn. We have to learn things daily. There are so many outbreaks and so many new developments every day. I make it a point to spend between half an hour to an hour to read, listen to podcasts; there are so many ways to gather information. Networking with peers is also important because as a group we can learn much more from each other.”
- Mina Gerguis, Manager, IT, Automech Group, “You always live another day to learn more. There is no way we can stop seeking out new information because we are always discovering new stuff; new threats that we didn’t even know existed.”
- Moussa Arab, Senior Broadcast & IT Network Security, Government of Dubai, “As a CISO, the position is a little bit tricky. It depends on how you came into the organisation and whom you report to. For CISOs who report directly to the managing director, they have to work with the operations and IT people. That means they have to give them advice. If they don’t advise the existing sources within the organisation in order to embrace security, they will get difficulties. It’s better for them to become like advisors or mentors within the organisation for security, rather than pin-pointing policies and trying to apply policies by any means.”
Subscribe to the Cyber Management Alliance YouTube channel for more insights and interviews from leading cybersecurity executives across the world: https://www.youtube.com/channel/UCm-r7aanAKPc8bu-FqaTVyw