CIO dinner: Talking cybersecurity and dealing with that uninvited guest

post-title

Attendees discussed solutions to keeping their environments secure, cybersecurity in the age of remote work, cyber skills, and making security everyone’s responsibility.

This week, IT leaders gathered at the Saxon in Sandton for an intimate dinner to discuss solutions to be resilient and prepared as far as cybersecurity is concerned, and the timing for this important conversation couldn’t be more perfect. It wraps up October, Cybersecurity Month.

The dinner kicked off with guests sharing some of their biggest highlights of the year, and it came as no surprise that the Springboks winning the 2023 Rugby World Cup, and bringing back the Webb Ellis trophy back home was one guest’s biggest highlight. However, for the majority of the guests, seeing their children achieve significant milestones in their life were their biggest highlights – from one starting grade 1 to another starting matric, and another going off to university.

Highlights of the year were a family affair, where one guest shared how they had a huge passion for karate and were able to spread that love for the discipline to their spouse and children. Another guest revealed how they were so proud to see the maturity in their children, and them getting their first paying job. “Seeing my son getting his first pay cheque made me so proud,” they said. “It really drives home the message of rolling up your sleeves as a person – an important life lesson for them.”

On the business and career front, successfully launching ERPs and saving the business costs took centre stage, while career growth was a close second highlight.

Digging into the real meat of the evening, cybersecurity. One guest mentioned cyber should no longer be an IT thing, but rather an everybody thing. He did however highlight that despite the fact that his organisation undertakes several training courses on cybersecurity, it becomes quite apparent who took those courses seriously and who didn’t. “We’re trying to manage that shift and getting the entire workforce on board – awareness and governance have become very important,” he added.

Another guest said that their organisation had a no-nonsense approach to cyber resilience – comply or forfeit your bonus. “If you don’t take cybersecurity seriously, you don’t get your bonus.” They firmly believed that cybersecurity had to be a community initiative rather than an IT initiative – it has to be holistic, and a fundamental of behaviour.

One CIO mentioned that simulations played a huge role in ensuring that people were “match fit” to deal with cyberthreats or attacks. However, everyone needs to get on board, even the CEO, one guest added, not only when an incident happens.

Guests also revealed that there are links between cybersecurity and skills or rather the shortage of those skills. “The security experts are going after the lucrative offers, mainly abroad and want to be well-compensated for their skills, and competing with those packages is a challenge on its own,” they said.

But it all boils down to how you recruit, one guest revealed: “Get in those specialist recruiters, work in squads perhaps, and focus on employee value proposition (EVP). That also plays a huge role, beyond the big pay,” they commented.

From a buy-in perspective, one CIO suggested that their colleagues try to cut the jargon, and speak in their language: it’s proven to work for them. Break cybersecurity down into comprehensible, bite-sized pieces. Another CIO mentioned that getting the basics right has worked for them. “Look after the crown jewels (business systems, operations) and internal risks,” they added. This is because for operational efficiencies, security is key, commented another guest.

From a remote work perspective, one CIO insisted that if you apply the policies and rules, where your site is located becomes less of an issue, but speak the same language from operations to IT. What about those sleepless nights? “Leverage our service providers,” one guest suggested. “They are on hand and willing to help, if you ask.” That approach or strategy ties into creating an ecosystem of partners to jointly deal with cybersecurity, another guest added.

Remember, another guest said, “Cybersecurity is not return on investment (ROI), but insurance – it’s what keeps the lights on.”

At the end of the evening, the guests all agreed that while everyone has their own approach to cybersecurity, it is important that dialogues happen to exchange ideas and share potential solutions because in the end, an attack is an attack regardless of what industry you’re in, and detection, awareness, controls and measures are all paramount.

Those in attendance were:

  • Pooven Naidoo, Sekele Xabiso Head of IT
  • Sophy Moumakoe, Pilanesberg Platinum CIO
  • Gareth Forbes, Tourvest CIO
  • Nkosenhle Ngongoma, Ascendis Health Group CIO
  • Unathi Thosago, Adcorp Group CTO
  • Tshilidzi Mafenya, Siyanda Bakgatla Platinum Mine IT Manager
  • Josh Souchon, Sasfin Group CIO
  • Lungile Mginqi, Sasol Group CIO
  • Faith Burn, Eskom CIO
  • Ziaad Suleman, EOH CCO
  • Mary-Lyn Raath, EOH Head of Digital
  • Nomahlubi Sonjica, CIO South Africa Community Manager
  • Reabetswe Rabaji, CIO South Africa Managing Editor

Related articles

How and where will the future CIO work?

What is the workforce of the future? Who will be doing the work? And where will you be doing work? During a discussion with Eskom CIO Faith Burn at the 2024 CIO Day, Investec CIO Shabhana Thaver discussed the role of IT in shaping future work.

Warren Hero joins SARS as new CDO

The 2023 CIO Awards winner will be responsible for designing the South African Revenue Services’ business model for antifragile digital transformation.

Top