Cultivating a Strong Security Culture

The roles of CIO and CISO by nature are complex, adaptive, and evolving, as adversaries exploit new attack vectors, and the sun never rises on the same threat landscape two days in a row. Currently, cyber risk and strategy are in the spotlight, and leaders have to leverage their skills to cultivate a strong security culture and foster inclusive conversations on cybersecurity throughout the organization.

At the upcoming Seattle CIO and CISO Executive Summit, Syam Nair, Chief Technology Officer and Executive Vice President of R&D at Zscaler, will lead a keynote presentation and discussion on “Cultivating a Strong Security Culture.” He will share how to drive the mindset and organizational changes needed to overcome inertia and accelerate transformation. The presentation to the Evanta community will also focus on strategies for navigating complex technologies like AI, automation, and generative AI to their full potential, and reducing security risks while driving greater productivity and simplicity with zero trust architecture.

Ahead of the session, Syam is sharing insights on the topic and why technology and security leaders should focus on security culture at their organizations.

Syam leads Zscaler's product development and research organization, building hyperscale cloud services for secure connectivity and cybersecurity. He has previously served as a product and engineering executive for both Salesforce and Microsoft, with expertise in ground-up incubation and leading large product and development organizations for growing cloud environments at hyperscale. Syam holds a master's degree in Computer Science and Applications from Goa University in India, and a Master of Business Administration from the Kelley School of Business at Indiana University.
 

What is the theme of your keynote session?

My session will focus on the importance of making cybersecurity a priority beyond the walls of IT or security departments themselves. I plan to draw attention to ways in which security can be turned into a top-of-mind concern for every employee, regardless of position or seniority, and the importance of doing so for organizations today. 
 

What are some of the challenges executives face in this area?

Today, executives face challenges in creating a pervasive security culture in two main ways. On one hand, their organizations are made up of a vast majority of non-cyber-specialists who must nevertheless be made to understand that their actions as they relate to technology can have a material impact on the business. An obvious example is social engineering, which we have seen prove a successful tactic time and time again. Executives must impress upon their staff – all staff – the importance of keeping basic cybersecurity principles and best practices top of mind.

The next significant challenge involves the very top of the organization: boards and senior leadership. It is more important than ever, as directors and particularly CISOs come under greater scrutiny, that all executives involved in leading organizations understand the breadth and scope of cyber risk and the controls we use to mitigate it. It falls to senior IT and security leaders to help facilitate this understanding throughout the leadership ranks. 
 

Why is it critical for the Evanta Community to have this conversation now?

I'll address this in terms of the challenges I mentioned above. On one hand, we have seen recent, high-profile and financially devastating cyber incidents, in which controls were undermined in a matter of minutes by clever social engineering attacks. With recent AI advancements, these attacks will only become more convincing through the use of voice spoofing and increasingly believable deepfakes. These incidents also show the folly of focusing purely on technical controls in cybersecurity. There is a cultural component that is lacking in many organizations today that must be addressed.  

For boards and executive leadership, it comes back to the increased scrutiny they are under to understand and prioritize cybersecurity. Everyone knows great leaders lead by example. How can we create comprehensive cybersecurity cultures within our organizations if it is not being discussed and promoted from the very top? I don't think it's possible. 
 

What are you most looking forward to about the session?

I'm most looking forward to facilitating this conversation, during the session and beyond, because I think it is one that a lot of IT and security leaders are ready to have. By showing that there is demand for this sort of effort, we have a better chance of executing on it together as a professional community. 

Join this conversation with Syam Nair of Zscaler at the Seattle CIO and CISO Executive Summit on December 14, or apply to join your local community to connect with like-minded peers on mission critical topics, such as cybersecurity.
 

Special thanks to Syam Nair and Zscaler.