As data becomes more central to businesses, there are more opportunities for compliance violations and a greater risk of breaches, so data security and privacy have become more critical than ever. Cybersecurity professionals are entrusted with defending organizations’ data across multiple environments, which makes the CISO’s role in protecting sensitive data and ensuring the organization’s overall security one of utmost importance.
We had a conversation with Moran Sedbon, the CISO of Earnix, to gain insights into the state of data security and privacy in the current threat landscape. We discussed how CISOs are devising procedures to handle the escalating risks, the likelihood of artificial intelligence taking over the role of CISOs, and other related topics.
How did you start your career as a Chief Information Security Officer (CISO)? What was your progression to where you are as a Director of Security and Compliance at Earnix today?
My introduction to the cybersecurity field began during my time in the Israeli Army as an Intelligence Corps Computer Forensics Investigator. Following my service, I pursued a career in cybersecurity consulting, working on leading domestic and international projects. At the age of 24, I obtained my CISSP certification and assumed the role of a CISO at a global fintech startup.
Today I am the CISO of Earnix, a global fintech company. Throughout my career, I have developed a comprehensive understanding of multiple cybersecurity domains through both research and hands-on experience. As a CISO, I strongly believe that it is essential to have a holistic understanding of all aspects of cybersecurity in order to effectively protect an organization.
According to you, what would be the top traits required to succeed as a cybersecurity professional and CISO?
In my experience, excelling as a cybersecurity professional or CISO requires several key traits. A continuous learning mindset is essential to stay up to date with the latest threats and best practices. Analytical thinking enables effective problem-solving, while technical orientation facilitates the implementation of security measures. Strong communication skills are necessary to effectively convey complex technical information to both technical and non-technical stakeholders. Leadership abilities allow for the development and execution of effective cybersecurity strategies, while an ethical mindset is critical for ensuring that security measures align with organizational values.
By cultivating and optimizing these traits, cybersecurity professionals and CISOs can successfully navigate the complex and constantly evolving cybersecurity landscape. This not only helps protect organizational assets but also contributes to the overall success of their organizations.
In your expert opinion, considering the state of the evolving cybercrime landscape, what are the top security and compliance standards currently being used by organizations?
In the cybersecurity landscape, compliance and standards play a crucial role in helping professionals benchmark the level of security within a company without requiring in-depth analysis. Two main drivers for standards compliance exist: industry-specific regulations and customer requirements.
Industry regulations, such as PCI-DSS for credit data or HIPAA for health, require companies to comply with specific security standards based on the type of data they handle. On the other hand, customer requirements often mandate the need for compliance with standards such as SOC2 reports or ISO 27001/ISO 27701 certifications.
Why do you think information security and privacy are not the same? Can you elaborate?
For cybersecurity professionals, it’s important to understand that privacy is a goal, and information security is the means to achieve it. In Information Security 101, the first concept you learn is the CIA triad, which stands for confidentiality, integrity, and availability. Confidentiality, the protection of sensitive information from unauthorized access, is key to achieving privacy.
While privacy and information security are related, they are not the same thing. Information security focuses on protecting data from threats such as cyber attacks, while privacy is about ensuring that personal data is handled appropriately and that individuals have control over how their data is used.
In a blog post I wrote in 2020 on this topic, I discussed why information security and privacy are not interchangeable concepts. You can find the post here.
Who are your biggest influences and inspirations in the cybersecurity domain?
Throughout my career in cybersecurity, my team has been a constant source of inspiration and influence. We work closely together, leveraging our collective knowledge, skills, and experiences to tackle security challenges effectively. The dedication, expertise, and passion demonstrated by each team member inspire me on a daily basis.
What certifications do you recommend an aspiring CISO should acquire in today’s times?
As a CISO, there’s no one-size-fits-all approach to learning. The best strategies for professional growth and development will depend on a CISO’s industry and experience. In my opinion, a CISO with a continuous learning mindset should prioritize learning and training in both technical and business domains, as well as staying up to date with emerging technologies and industry practices.
By maintaining a broad knowledge base, CISOs can better understand the complex and ever-changing cybersecurity landscape and make informed decisions that support their organization’s objectives. Additionally, ongoing learning and training can help CISOs remain adaptable and flexible in the face of new challenges and threats.
Overall, a commitment to continuous learning is a critical component of success for any CISO, and there are many options available for those looking to expand their knowledge and skills.
Do you think AI has the potential to replace CISOs in the future?
AI technology has advanced significantly and has the potential to revolutionize industries, including cybersecurity. However, I believe that it will not completely replace CISOs in the near future. The CISO role requires human judgment and decision-making for critical and sensitive issues. While AI can assist in analyzing large volumes of data and identifying patterns, human judgment is necessary to interpret the results in the context of the organization’s specific needs and objectives. In addition, CISOs play a vital role in communication and stakeholder management within an organization. AI, at least in its current state, may not possess the interpersonal skills and emotional intelligence required for effective communication and relationship building.
Furthermore, in the event of a cybersecurity incident or breach, CISOs are responsible for orchestrating an effective response, managing the crisis, and minimizing the impact on the organization. This requires strong leadership skills, the ability to make swift decisions under pressure, and the ability to coordinate cross-functional teams. While AI can provide valuable insights during incident response, human leadership is crucial for guiding the overall strategy, ensuring effective communication, and making critical decisions that go beyond algorithmic capabilities. Overall, while AI can be a valuable tool in cybersecurity, in its current state it cannot replace the unique skills and abilities of CISOs, particularly in the areas of judgment, communication, and leadership.
About the Author
Moran Sedbon
CISO & Director of Security and Compliance,
Earnix
Moran Sedbon is the Director of Security and Compliance at Earnix and has a demonstrated history of extensive work experience in the computer software industry. She is skilled in ISO standards, computer forensics, information security, and standards compliance, and is the face of women’s empowerment in the cybersecurity industry. She is an active contributor to the Global CISO Leadership Foundation, and her biggest achievements are being the CISO of AU10TIX at the age of 24 and building world-class security frameworks for leading startups, helping them achieve global compliance, security, and privacy standards.