By SecureWorld News Team
Thu | Jan 11, 2024 | 4:34 AM PST

Arun DeSouza is an award-winning thought leader with more than two decades of experience in global security leadership and organizational transformation. Working as CISO, DeSouza's areas of expertise include strategic planning, risk management, identity management, cloud computing, and privacy. DeSouza has also earned numerous industry accolades, including Top Global CISO by Cyber Defense Magazine, Top 10 InfoSec Professional by OnCon, and induction into the CISO Hall of Fame by the global Cyber Startup Observatory.

DeSouza's proven ability to set the strategic direction for security within the organization aligns with enterprise stakeholders to build strategic roadmaps and implement flexible security solutions.

In an interview with SecureWorld News, Arun DeSouza shares his insights on the challenges and emerging trends in the cybersecurity sector and modern ways to adapt to the changing business landscape.

What developments in the security landscape have sparked your enthusiasm, and how does it impact the future of cybersecurity?

In the dynamic landscape of cybersecurity, several trends are influencing the industry's future. Notably, artificial intelligence (AI) emerges as a double-edged sword. While it fosters innovation, automation, and productivity, it simultaneously introduces significant cybersecurity and privacy risks. One prominent threat is business email compromise (BEC), which remains a leading vector for cyber threats. As an entry point for major ransomware and fraud, BEC also contributes to supply chain compromise incidents. Effectively addressing this challenge necessitates a robust email security boundary platform.

To tackle these evolving threats, the integration of generative AI and large language models (LLMs) is shaping the next generation of email security solutions. This synergy simplifies and enhances the efficacy of safeguarding against the intricate landscape of cyber threats, creating a more resilient cybersecurity framework.

The cloud has become the de facto cornerstone for delivery of digital application services. Another major trend necessitating a holistic governance process is cloud security. This involves educating business partners on due diligence, ensuring cloud providers implement multi-dimensional safeguards, and deploying automated provisioning and de-provisioning. Role-based access controls, multi-factor authentication, and adherence to standard screening checklists are essential to securing the cloud environment.

The exponential growth of Internet of Things (IoT) devices, simultaneously projected to exceed 75 billion by 2025 by Statista, presents substantial security and privacy challenges, particularly in the context of widespread 5G connectivity. The recent Verkada incident serves as a stark reminder, emphasizing the pressing need for CISOs to prioritize integrated IoT security and privacy in their strategic considerations.

Zero Trust has come of age. With tailwinds such as the U.S. Cybersecurity Executive Order, it has become a unifying force for transforming cyber security strategy from the old "castle & moat" focus on network packets to proactively protecting users, applications, and data. This reinforces "Identity as the Digital Perimeter" and dynamically enacts the security of each connection based on the trifecta of Identity, Device Posture, and Session Risk. Zero Trust is a coalition of multiple People, Process & Technology safeguards that also help strengthen privacy. It is a multi-year program and evolving journey—the benefits are immense.

Amidst these challenges, the industry faces a critical talent and skills gap, estimated at 4 million people in 2023 by InfoSecurity Magazine. Bridging this gap requires promoting diversity and inclusivity within the workforce. Encouraging individuals from non-traditional backgrounds to join the cybersecurity field, supported by scholarships, work-study programs, and cross-training initiatives, can help address this shortage.

What foundational traits and principles have been instrumental in driving your professional success throughout your career?

From the outset, a forward-thinking vision has been my guiding force, enabling me to anticipate trends, identify opportunities, and establish long-term goals aligned with organizational objectives. This strategic approach has shaped my decision-making and cultivated a culture of innovation within the teams I've been a part of.

By recognizing the transformative power of collaboration, I actively sought to build bridges and foster robust working relationships. Collaborating with diverse teams elevated the quality of my work and cultivated an environment where ideas flow freely.

It's important to understand that the impact of vision and collaboration is contingent on effective execution. I have consistently demonstrated a commitment to turning plans into reality, whether by spearheading projects, contributing to team initiatives, or translating strategic goals into tangible outcomes.

At the heart of my professional philosophy lies a dedicated focus on results. By approaching every task with a commitment to achieving meaningful outcomes, I ensure that my efforts contribute to the overall success of the projects and organizations I'm involved in. This results-oriented mindset not only drives individual performance but instills a sense of purpose within the teams I lead.

My philosophy can be summed up via the following acronyms:

  • Stabilize, Optimize, Accelerate (SOA)
  • Stamp your "VISA" to Success
    • VISA = Visible, Illustrative, Simple, Actionable

What advice do you want to share with other CISOs in cybersecurity?

Offering invaluable insights for fellow CISOs to consider, it is imperative to emphasize preparedness in the face of evolving cyber threats. With the maturation of Zero Trust, propelled by the U.S. Cybersecurity Executive Order, the paradigm shift from network-centric security to a user-centric model centered on applications and data brings a host of benefits—from reduced risk and heightened security to cost efficiency and a transformative cultural shift.

Examining last year's numerous supply chain attacks, such as those on major entities like Okta and GitHub, underscores the importance of recognizing that a security chain is only as strong as its weakest link. Implementing a robust third-party risk management policy and fostering collaboration with other functions for a shared strategy is vital.

Understanding that people serve as the human firewall against threats, prioritizing continuous employee awareness and training is mission critical. With 95 percent of security incidents attributable to human factors, per the World Economic Forum, proactive measures stand as a robust defense against phishing and other threats. Real-world conflicts cast shadows that significantly amplify cyber risks. Identifying critical processes and assets, prioritizing security exposure risk based on business needs, and implementing targeted security controls are necessary to counter this.

Forging alliances with strategic partners and stakeholders, both within and outside the organization, emerges as a linchpin for mutual success and effective change management. Noteworthy initiatives like the Spectra Alliance and the Zero-Trust Alliance underscore the pivotal role of collaborative efforts in the ever-evolving cybersecurity landscape.

What guidance would you offer to individuals starting their careers in cybersecurity?

To thrive in the field of cybersecurity, young professionals should prioritize fostering collaboration and effective communication. This is crucial due to the interconnected nature of security challenges. Building strong relationships across departments is essential for seamlessly integrating security into organizational operations. They should join industry groups and seek out mentors who can serve as trusted advisors on their career journey.

In the immortal words of Sun Tzu, the well-known strategist and philosopher, "Tactics without strategy is the noise before defeat."

Cyber professionals should also develop the ability to envision threats and articulate complex security concepts through compelling narratives. By efficiently overseeing day-to-day operations and strategically planning and executing long-term cybersecurity initiatives, these professionals can safeguard organizations from evolving threats and cultivate a culture of proactive risk management.
