Regulations are crucial to establish a minimum security baseline and encourage us to reach higher levels of protection
This is an exclusive interview conducted by the Editor Team of CIO News with Andre Shori, Regional Chief Information Security Officer, APAC (Asia Pacific) at Schneider Electric
How did you plan your career path to be a successful technology leader?
My career path started about 30 years ago, when my aptitude for cybersecurity appeared. At that time, it was still “information security,” and cybersecurity was not even a discipline. After my last job at HP, which was not entirely dedicated to security, I jumped in with both feet into cybersecurity and made it the exclusive domain I wanted to focus on. I have been in that space since then.
What challenges have you faced in your career path, and how did you overcome them?
In terms of challenges, previous employers did not necessarily recognize the value and the investment in cybersecurity. So I took my fate into my hands and invested in my education. It was challenging because, during my master’s degree, I had to pay for this expensive education with no income and all the bills that supporting a family comes with. I strongly believe in upgrading my team’s skills, and I mandate that they attend training every year.
What are the challenges faced by technology leaders today while implementing digital technologies?
The main one is operational technology (OT). As the OT environment is, by tradition, a place where people think about human safety, they make sure that they do everything to put health and safety harm first. The assumption has always been that, once it is implemented, it stays static for the next 10–15 years and will work exactly the way it is supposed to. This mindset must change to ensure that we design OT so that it will not cause complete chaos if breached.
How can they overcome these challenges?
Firstly, you will benefit from establishing that the risk belongs to the asset owner, or, in other words, the person who benefits from the usage of the equipment. Then, as subject matter experts, proceed to advise these owners on how to mitigate their risks. Acting as trusted advisors, the governance team at Schneider Electric also validates that the policies and standards are adhered to by performing checks and audits to find and close any gaps.
Any best practise trends or advice you’d like to share with technology leaders to help them prepare for a successful professional journey?
Always try to get better, understand the new tools, and analyse the latest trends. To me, continuously upgrading your skills is key. The second point would be to be part of the greater cybersecurity ecosystem to share knowledge and experience. We need to learn from each other; our attackers have a fantastic ability to share knowledge, and that is how they get good at defeating our defenses. We need to be better at sharing knowledge safely and securely to enhance our protection.
Any other points that you would like to highlight?
If I were to highlight one particular point, it would be trust. Trust is a crucial cornerstone of success. We, cybersecurity people, are trained not to trust anything or anyone, but at some point, we need at least a little trust in each other to share the keys to success. It works for me, so it might also work for others.
Trends of Cyber security for organizations:
Manufacturing is one of the main targets in the industrial sector, and the bad news is that many manufacturers do not even know that they have been attacked.
The number of attacks will keep growing as digitalization offers attackers more doors, increasing our threat landscape. We must address this first and foremost by having proper hygiene and acting proactively to identify threats before they hit. The role of government in the cybersecurity space is growing. Of course, regulations are crucial to establish a minimum security baseline and encourage us to reach higher levels of protection, but sometimes laws make global operations more complex. It’s always a good idea for all cybersecurity practitioners to establish a dialogue with their governments and regulators to exchange information so that we can speak the same language and progress together in a safer world.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics