Trust is fundamental in cyber security, but it’s often compromised by misleading practices driven by profit rather than genuine client care.
Cyber security vendors and professionals must adopt a broader, more ethical perspective that values long-term relationships over short-term sales, says Marius Poskus, Global Vice President and Chief Information Security Officer at Glow Financial Services Limited.
In an insightful discussion with Chaleit’s CEO, Dan Haagman, Marius explores the evolution of the CISO role, the changing dynamic between vendors and clients, and the need to build smarter SOCs.
Client-centricity as the new standard
Cold-calling in cyber security is dead, Marius believes.
Sales strategies are shifting away from traditional methods towards community engagement, showcasing expertise, and building trust.
Under pressure to make sales, vendors sometimes resort to overstating the capabilities of their products or services. This can involve fearmongering and other unethical practices to secure contracts, an approach that often leads to disappointment and distrust when the product fails to meet expectations, Marius observes.
However, there’s growing recognition that genuine relationships and a positive reputation within the cyber security community are more sustainable and impactful in the long run than “snake oil” tactics.
Instead of overpromising and underdelivering, vendors should opt for integrity and client-centricity. Transparency about product limitations or areas needing improvement is crucial for establishing trust.
Ultimately, a company’s ethos and ethical practices influence how it is perceived within the industry. Ethical business practices can serve as a differentiator in cyber security, lead to long-term partnerships, and elevate cyber security standards beyond mere compliance, Marius emphasises.
💡 Read more: The Evolution of Cyber Security Sales: Beyond Cold Calls and Emails
Empathy and communication in cyber security
Cyber security professionals like to put security at the centre of attention, but security is not the end in itself, Marius explains. A business exists to make money, and it sometimes does so despite its security issues.
Organisations must balance security needs with broader business objectives, such as profitability and risk management.
Cyber security professionals should listen actively and understand before offering solutions. This can help avoid misunderstandings and ensure that cyber security strategies align with overarching business goals.
Cyber security has evolved from a technical discipline to a multifaceted field requiring empathy, communication skills, and a deep understanding of organisational dynamics. This shift reflects a broader trend toward holistic, client-centred approaches in the industry.
Balancing innovation with continuity
CISO tenure tends to be relatively short nowadays — around 18 months on average.
When entering an organisation, new CISOs typically overhaul existing security stacks and technologies, often showing a preference for vendors or tools that have worked for them previously. However, this tendency can lead to inconsistency and disrupt the continuity of security programs.
It’s important not only to deploy security tools but also to measure their effectiveness, Marius emphasises.
CISOs must balance innovation with continuity, prioritise effectiveness over personal preferences, and embrace holistic security practices that align with broader organisational goals. This involves not only deploying tools but also ensuring they are integrated effectively, understood, and continuously evaluated.
Building a threat-informed SOC
Organisations need strategic, risk-based approaches to security that prioritise prevention and impact reduction over a purely reactive detect-and-respond mindset.
Effective cyber security requires the proactive establishment of threat-informed Security Operations Centres (SOCs). Marius breaks down the process:
- Start by thoroughly understanding your organisation’s industry and geographic location.
- Research the threat actors most likely to target your sector and their preferred tactics.
- Tailor your security strategy to address the specific threats posing the greatest risk.
- Translate threat actor tactics into data points the SOC can actively monitor.
- Fine-tune data ingestion within the SOC to focus on relevant threats.
- Leverage threat intelligence for proactive detection and response strategies.
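The middle steps of this process, translating likely adversary tactics into data points the SOC can monitor and tuning ingestion around them, can be made concrete in code. The following is an added example written for this page, not code from Marius, Glow or Chaleit. It uses a constructed threat profile for a hypothetical financial-services firm (real MITRE ATT&CK technique IDs, but illustrative weights), a constructed mapping from each technique to the telemetry its detection depends on, and a handful of constructed authentication events. It computes which techniques the SOC is currently blind to, how much of the weighted threat profile is covered, which log source to onboard next, and shows one tactic (T1110, brute force) turned into a monitorable detection.

```python
"""Threat-informed SOC planning: map likely adversary techniques to the
telemetry needed to detect them, find coverage gaps, rank which source to
onboard next, and run one resulting detection. Every profile, mapping and
log line here is constructed for illustration (added example, not the
page's own code)."""
from collections import defaultdict

# Constructed threat profile for a hypothetical financial-services firm.
# Keys are MITRE ATT&CK technique IDs; the weight is an illustrative
# likelihood/impact score produced by the threat research step.
THREAT_PROFILE = {
    "T1566":     ("Phishing", 5),
    "T1078":     ("Valid Accounts", 5),
    "T1110":     ("Brute Force", 4),
    "T1486":     ("Data Encrypted for Impact", 4),
    "T1059.001": ("PowerShell", 3),
    "T1021.001": ("Remote Desktop Protocol", 3),
}

# Telemetry each technique's detection depends on (constructed mapping).
REQUIRED_SOURCES = {
    "T1566":     {"email_gateway", "web_proxy"},
    "T1078":     {"identity_auth"},
    "T1110":     {"identity_auth"},
    "T1486":     {"endpoint_process", "file_audit"},
    "T1059.001": {"endpoint_process"},
    "T1021.001": {"windows_security", "network_flow"},
}


def coverage_gaps(profile, required, ingested):
    """Techniques the SOC cannot detect today, mapped to the sources missing."""
    ingested = set(ingested)
    return {t: required[t] - ingested for t in profile if required[t] - ingested}


def weighted_coverage(profile, required, ingested):
    """Fraction of the threat profile's weight that is fully covered."""
    gaps = coverage_gaps(profile, required, ingested)
    total = sum(w for _, w in profile.values())
    covered = sum(w for t, (_, w) in profile.items() if t not in gaps)
    return covered / total


def next_source_to_onboard(profile, required, ingested):
    """Greedy ingestion-tuning step: the missing source that unlocks the most
    threat weight. A technique missing N sources credits each with 1/N of its
    weight. Returns (source, weight_gained)."""
    gain = defaultdict(float)
    for t, missing in coverage_gaps(profile, required, ingested).items():
        for src in missing:
            gain[src] += profile[t][1] / len(missing)
    # Sort by gain descending, then name, so ties resolve deterministically.
    best = sorted(gain.items(), key=lambda kv: (-kv[1], kv[0]))[0]
    return best


# Constructed identity_auth events: (timestamp_seconds, user, result, src_ip).
AUTH_EVENTS = [
    (0,   "alice", "FAIL",    "203.0.113.7"),
    (5,   "alice", "FAIL",    "203.0.113.7"),
    (9,   "alice", "FAIL",    "203.0.113.7"),
    (12,  "alice", "FAIL",    "203.0.113.7"),
    (14,  "alice", "FAIL",    "203.0.113.7"),
    (20,  "alice", "SUCCESS", "203.0.113.7"),
    (30,  "bob",   "FAIL",    "198.51.100.2"),
    (400, "bob",   "FAIL",    "198.51.100.2"),
]


def brute_force_then_success(events, threshold=5, window=60):
    """T1110 expressed as a monitorable data point over identity_auth logs:
    at least `threshold` failures for one (user, ip) within `window` seconds,
    followed by a success for that same pair. Returns the (user, ip) hits."""
    hits = []
    fails = defaultdict(list)  # (user, ip) -> recent failure timestamps
    for ts, user, result, ip in sorted(events):
        key = (user, ip)
        recent = [t for t in fails[key] if ts - t <= window]
        if result == "FAIL":
            recent.append(ts)
        elif result == "SUCCESS" and len(recent) >= threshold:
            hits.append(key)
            recent = []
        fails[key] = recent
    return hits


if __name__ == "__main__":
    have = {"identity_auth", "endpoint_process"}
    print("gaps:", coverage_gaps(THREAT_PROFILE, REQUIRED_SOURCES, have))
    print("weighted coverage:", weighted_coverage(THREAT_PROFILE, REQUIRED_SOURCES, have))
    print("onboard next:", next_source_to_onboard(THREAT_PROFILE, REQUIRED_SOURCES, have))
    print("T1110 hits:", brute_force_then_success(AUTH_EVENTS))
```

With only identity and endpoint telemetry ingested, half of the weighted profile is covered, and the single highest-value gap is the file-audit feed needed for the ransomware technique, which is the kind of prioritisation the "fine-tune data ingestion" step is meant to produce. The same structures also make the coverage measurable over time, which speaks to the earlier point about measuring a tool's effectiveness rather than just deploying it.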
This approach moves beyond a simple “detect and respond” mentality, focusing on proactive prevention and minimising the impact of potential breaches.
Marius advocates for simplicity and effectiveness in security practices, aligning defensive strategies with business objectives and risk profiles to achieve meaningful outcomes.
💡 Continue reading: Tailoring Your SOC to the Beat of Emerging Threats
At Chaleit, we also believe that ethical practices and a client-centric approach are essential for a sustainable future in cyber security. That’s why we build partnerships focused on long-term risk reduction, trust, and collaboration.
Let’s connect to continue the conversation, and check out our blog for more thought-provoking discussions.