Jean-Christophe Gaillard

Founder and Managing Director at Corix Partners

London, United Kingdom

8009 Followers

JC Gaillard is the Founder and Managing Director of Corix Partners, a London-based Boutique Management Consultancy Firm and Thought-leadership Platform focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.

He is a leading consultant, a senior executive and a global cyber security influencer with over 25 years of experience developed in several financial institutions in the UK and continental Europe, and a track record of driving fundamental change in the Security field across global organisations, looking beyond the technical horizon into strategy, governance, culture, and the real dynamics of transformation.

A French and British national permanently established in the UK since 1993, he holds an Engineering Degree from Telecom Paris and has been co-president of the Cyber Security group of the Telecom Paris alumni association since May 2016.

He runs the Corix Partners blog and the “Security Transformation Leadership” publication on Medium.

He is a Fellow of the Chartered Institute of Information Security (FCIIS), a member of the Forbes Business Council and contributes regularly to the Business Transformation Network, London Tech Leaders and TechNative websites; he has also posted regularly in the past on The Digital Transformation People, IoTforAll, Business 2 Community and Experfy platforms.

He is an expert contributor on the CIO Water Cooler, and has previously published articles on InfoSecurity Magazine, Computing, the C-Suite.co.uk, Info Sec Buzz, Disruption Hub, and the IoD Director websites.

He is involved with techUK as part of their Cyber People Series, which explores how CISOs should engage at C-Suite and Board level, with two reports on the theme released in December 2020 and December 2021.

He also collaborates with leading analyst firm Kuppinger Cole in Germany, with the Association for Data and Cyber Governance in the US and with the Edutec Alliance in Brazil.

He was listed in the top 10 of the UK's 30 most influential thought leaders on Risk, RegTech and Compliance by Thomson Reuters in April 2017, and in the top 100 global social media influencers for financial services by Refinitiv in July 2019.

He is a 2022 Onalytica Cyber Security Influencer, and was also identified by them as a “Social Media Amplifier” on Risk Management in April 2021, and as a “Key Opinion Leader” on Data Management, IoT Connectivity and RPA in December 2020 and January 2021, as well as an influential voice and sub-topic expert on hybrid work and the future of work in January 2022.

He has been ranking consistently in the top 5 of global influencers with Thinkers360 on cybersecurity and security, and in the top 10 on leadership and management.

He is the author of “Cyber Security: The Lost Decade – A Security Governance Handbook for the CISO and the CIO”, first published in September 2017 with updated annual editions released every year since.

He animates the Security Transformation Research Foundation, a dedicated think-tank and research body affiliated to Corix Partners, aimed at approaching Security problems differently and producing innovative and challenging research ideas in the Security, Business Protection, Risk and Controls space, and co-produces the Cyber Security Transformation podcast on Anchor.

He is also a Non-Executive Director with Strata Security Solutions and has been a member of the NextWorld Capital European Advisors Network since 2014.

Available For: Advising, Consulting, Influencing, Speaking
Travels From: London
Speaking Topics: Cyber Security Leadership, Cyber Security Transformation

Speaking Fee $5,000

Jean-Christophe Gaillard Points
Academic 20
Author 669
Influencer 178
Speaker 47
Entrepreneur 125
Total 1039

Points based upon Thinkers360 patent-pending algorithm.

Company Information

Company Type: Company

Areas of Expertise

Business Continuity 30.63
Business Strategy
Change Management
Cloud 30.43
COVID19 90.17
CSR
Culture
Cybersecurity 100
Digital Disruption
Digital Transformation 30.12
Diversity and Inclusion 30.21
Ecosystems
Edtech 31.31
Emerging Technology
Entrepreneurship
Fintech 30.77
Innovation 32.34
IoT 30.36
Leadership 56.00
Management 65.05
Privacy 35.03
Risk Management 34.79
RPA 31.06
Startups 35.17
Supply Chain 30.15
Security 44.90
Future of Work 30.10
AI 30.07
Marketing 30.08

Industry Experience

Consumer Products
Financial Services & Banking
Healthcare
High Tech & Electronics
Higher Education & Research
Hospitality
Insurance
Other
Professional Services
Travel & Transportation

Exclusive Content

4 Article/Blogs
The Corix Partners Friday Reading List - June 24, 2022
Thinkers360
June 23, 2022
Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - June 17, 2022
Thinkers360
June 17, 2022
Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - June 10, 2022
Thinkers360
June 10, 2022
Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - June 3, 2022
Thinkers360
June 02, 2022
Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

Tags: Cybersecurity, Leadership, Management

Publications

1 Academic Fellow / Scholar
Co-President Cyber Security Group - Telecom Paris Alumni Association - Paris, France
Telecom Paris Alumni Association
May 15, 2016
The group with about 300 members, aims at elaborating new and challenging points of view on cyber-security matters, through regular meetings and events hosted mainly at Telecom Paris, with alumni and professionals who work in this domain.

Tags: Cybersecurity, Management, Leadership

2 Advisory Board Memberships
Board Advisor
IAM Experts
September 17, 2019

Tags: Cybersecurity, Innovation, Startups

Member of the NextWorld Capital European Advisors Network
Next World Capital
November 01, 2014
NextWorld Capital invests in early-revenue stage enterprise tech startups and helps them grow into global leaders. A focused, dynamic firm that leads investments in what’s next and rolls up its sleeves to help grow companies into global leaders.

Tags: Cybersecurity, Innovation, Startups

94 Article/Blogs
Anybody Still Interested in GDPR (apart from lawyers)?
Import from medium.com
June 04, 2022
4 years on, it is starting to look like the introduction of the GDPR has not been the decisive moment for data privacy many were expecting.

Tags: Leadership, Privacy

Time to Look at the Role of the CISO Differently
Import from medium.com
May 28, 2022
What is now required is political acumen, managerial experience and personal gravitas, more than raw technology skills.

Tags: Leadership, Cybersecurity, Security

Why Cybersecurity Is Now A Board-Level Leadership Imperative
Forbes
May 19, 2022
Cybersecurity is not just a technology problem—it never was.

Tags: Cybersecurity, Leadership, Management

Leading by Listening: The Other Secret Sauce for the CISO
Import from medium.com
April 30, 2022
The times have gone when the CISO had to explain what cyber security was about and the value it brought

Tags: Leadership, Management, Cybersecurity, Security

Three Keys To Understanding The Cybersecurity Skills Gap (And Dealing With It)
Forbes
April 08, 2022
You don’t have to go far to find cybersecurity professionals who are facing skills shortages, but the problem has several dimensions that have to be understood and mapped out before we can start to figure out possible solutions.

Tags: Cybersecurity, Leadership, Management

Getting Things Done: The Secret Sauce for the CISO
TechNative
April 04, 2022
The key around cyber security remains Execution, Execution and Execution

Tags: Cybersecurity, Leadership, Management

Three Axes of Discussion to Build up a Cyber Security Agenda at Board Level
Import from medium.com
April 02, 2022
Revisiting the questions the Board should ask (one more time…)

Tags: Management, Security, Leadership, Cybersecurity

It's Time To Look At The Role Of The CISO Differently
Import from forbes.com
March 10, 2022
What is now required is political acumen, managerial experience and personal gravitas—more than raw technology skills.

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Constant Confusion Between Tool and Process
TechNative
March 09, 2022
There are real issues in the security operations space but buying more tools won’t help

Tags: Cybersecurity, Leadership, Management

Time to Deal with Cyber Security Strategically, and from the Top Down
Import from medium.com
March 04, 2022
This is no longer just about tech — if it ever was

Tags: Management, Cybersecurity, Leadership

Cyber Security Awareness Programmes: Are They Really Working? And What to Do About it?
Import from medium.com
February 26, 2022
When some people say they don’t know what to do around cyber, you may want to ask them where they have been for the last 10 years…

Tags: Security, Leadership, Cybersecurity

Time to Bring the Cyber Security Technical Debt under Control
Import from medium.com
February 12, 2022
Stop buying more tech for the sake of it and start focusing on the decluttering of your cyber security landscape.

Tags: Leadership, Cybersecurity, Security

The Way Forward with Cyber Security Target Operating Models
TechNative
February 03, 2022
“Process and People first, THEN Technology” will always be at the heart of the winning formula here

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List
Import from medium.com
February 03, 2022
An exclusive weekly selection of 10 top articles curated by Corix Partners Founder & MD JC Gaillard, focused on a large cross-section of leadership and management matters, covering cyber security of course, but also digital transformation, emerging tech, ESG governance and the future of work Sam

Tags: Leadership, Cybersecurity

Getting Things Done: The Secret Sauce for the CISO
Import from medium.com
January 22, 2022
The key around cyber security remains Execution, Execution and Execution

Tags: Security, Leadership, Cybersecurity, Management

Cyber Security: The Message that Never makes it up to the Board
Import from medium.com
January 08, 2022
Cyber security was never a purely technical problem; it is now a leadership imperative in many firms

Tags: Management, Cybersecurity, Security, Leadership

Cyber Security Leadership for the CIO and the C Suite
Import from medium.com
January 08, 2022
The Cyber Security Leadership Newsletter. An essential resource for the CIO and the CISO. A reference resource for the CIO and the C-Suite on cyber security, looking beyond the technology horizon into leadership, management, c

Tags: Leadership, Security, Cybersecurity, Management

Turning the Tables on Cyber Security Budgets
TechNative
December 09, 2021
Time to move away from bottom-up dynamics: The Board should decide on priorities and drive the discussion

Tags: Cybersecurity, Leadership, Management

Towards Clearer Governance for OT Security
Import from medium.com
November 28, 2021
It is not rare for OT Security to end up in some form of organisational no-man’s-land

Tags: Leadership, Cybersecurity

Cyber Security: The Constant Confusion Between Tool and Process
Import from medium.com
November 13, 2021
There are real issues in the security operations space but buying more tools won’t help

Tags: Management, Leadership, Cybersecurity

The Way Forward with Cyber Security Target Operating Models
Import from medium.com
October 11, 2021
“Process and People first, THEN Technology” will always be at the heart of the winning formula here

Tags: Leadership, Management, Cybersecurity

Cyber Security can be a Pillar of any Corporate Post-Pandemic Agenda, but are the CISOs ready for it?
TechNative
October 11, 2021
A comment left on one of my articles made me think: How can cyber security leaders drive a long-term transformative agenda, with a business and a board that cannot see beyond the short-term?

Tags: COVID19, Cybersecurity, Leadership

Turning the Tables on Cyber Security Budgets
Import from medium.com
September 18, 2021
Time to move away from bottom-up dynamics: The Board should decide on priorities and drive the discussion

Tags: Cybersecurity, Leadership, Management

The 3 Biggest Mistakes the Board can Make around Cybersecurity
Association for Data and Cyber Governance
September 03, 2021
Although the topic of cybersecurity is now definitely on the board’s agenda in most organizations, it is rarely a fixed item. More often than not, it makes appearances at the request of the Audit & Risk Committee or after a question from a non-executive director, or – worse – in response to a security incident or a near-miss. All this hides a pattern of recurrent cultural and governance attitudes which could be hindering cyber security more than enabling it.

Tags: Cybersecurity, Management, Leadership

The Problem with Cyber Security ROI
TechNative
September 02, 2021
CISOs being asked those questions should look beyond the topic itself and face the underlying issues it might be hiding

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Lost Decade — 2021 Edition
Import from medium.com
September 01, 2021
Why large organizations still struggle with decade-old security problems — and how to fix them. I have been involved with information security matters for over 20 years and started writing regularly on the topic i

Tags: Leadership, Cybersecurity, Management

The 3 Biggest Mistakes the Board can Make around Cyber Security
TechNative
August 11, 2021
The protection of the business from cyber threats is something you need to grow, not something you can buy

Tags: Cybersecurity, Leadership, Management

Cyber Security: A Top-down Imperative for Schools
Import from medium.com
August 07, 2021
JC Gaillard talks to Glaucia Rosas from the Edutec Alliance on how school leaders need to approach cyber security in the wake of the COVID…

Tags: Cybersecurity, Leadership, Management

The Problem with Cyber Security ROI
Import from medium.com
July 31, 2021
CISOs being asked those questions should look beyond the topic itself and face the underlying issues it might be hiding.

Tags: Leadership, Management, Cybersecurity

Why Cybersecurity Tools Aren’t Enough
Association for Data and Cyber Governance
July 30, 2021
For any organization above a certain size, effective and efficient protection can only result from the layered application of protective measures at the people, process, and technology level. And in that order.

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Operational Illusion
TechNative
July 21, 2021
Looking back at what happened at ground level throughout the COVID crisis, it is clear that the focus has been entirely on operational matters: From moving into remote working at scale for the services industry, to keeping supply chains working for the manufacturing sector, or many retail firms having to re-invent themselves as digital businesses, literally within weeks. It has all been about keeping the lights on, understandably.

Tags: Cybersecurity, Management, Leadership

How to Build Back Better With Cybersecurity as a Core Principal
Association for Data and Cyber Governance
July 16, 2021
How can cybersecurity leaders drive a long-term transformative agenda, with a business and a board that cannot see beyond the short-term?

Tags: Cybersecurity, Leadership, Management

The New First 100 Days of a CISO
Association for Data and Cyber Governance
July 02, 2021
Focusing ONLY on tactical firefighting is a major mistake, even in a global pandemic

Tags: Cybersecurity, Leadership, Management

A few big hacks in the US and everybody is talking about ransomware again…
Import from medium.com
June 19, 2021
Defence in depth is key, but why are we hearing so little about it? Time for a few hard truths

Tags: Cybersecurity, Leadership, Management

Cyber Security can be a Pillar of any Corporate “Build Back Better” Agenda
Import from medium.com
June 05, 2021
But are the CISOs ready for it?

Tags: COVID19, Leadership, Cybersecurity, Management

Cyber Security Automation is Key to Fight the Skills Gap
TechNative
June 02, 2021
To start building solutions to the skills gap problem, it is key to look at it in all its dimensions

Tags: Cybersecurity, Leadership, Management

Changing Jobs in a Global Pandemic: The New First 100 Days of the CISO
Import from medium.com
May 15, 2021
Focusing ONLY on tactical firefighting is a major mistake, even in a global pandemic

Tags: Leadership, Cybersecurity, Management, COVID19

Cyber Security Automation is Key to Fight the Skills Gap
Import from medium.com
May 01, 2021
To start building solutions to the skills gap problem, it is key to look at it in all its dimensions.

Tags: Cybersecurity, Management, Leadership

Cyber Security: The Operational Illusion
techUK
April 22, 2021
Security culture and governance eat tech for breakfast

Tags: Cybersecurity, Leadership, Management

A Real-life Take on the Cyber Security Skills Gap
TechNative
April 12, 2021
The security industry must rebuild its narrative to attract more raw talent at all levels

Tags: Cybersecurity, Leadership, Management

A Different Take on The Short Tenure of the CISO
Import from medium.com
March 04, 2021
Looking beyond stress, burnout, and scapegoating theories: What is really going on?

Tags: Leadership, Cybersecurity, Management

Deconstructing GRC and making it work in the Information Security space
Import from medium.com
February 26, 2021
Over recent years, the GRC (Governance, Risk and Compliance) acronym has become very common in the Information Security community. Various…

Tags: Cybersecurity, Leadership, Management

Cyber Security: There are still Problems at the Top
Import from medium.com
February 05, 2021
Only a cultural shift across the Boardroom can move the needle

Tags: Management, Cybersecurity, Leadership

The 3 Biggest Mistakes the Board can Make around Cyber Security
Import from medium.com
February 03, 2021
The protection of the business from cyber threats is something you need to grow, not something you can buy

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Operational Illusion
Import from medium.com
January 23, 2021
Security culture and governance eat tech for breakfast

Tags: Management, Leadership, Cybersecurity

The CISO must be – first and foremost – a Leader
TechNative
January 21, 2021
The key challenges of the transformational CISO are not technological, but managerial.

Tags: Cybersecurity, Leadership, Management

A Different Take on the Cyber Landscape
Import from medium.com
January 14, 2021
The Cyber Security Transformation Podcast

Tags: Cybersecurity, Leadership, Management

Remote Work, Leadership and Cyber Security
Import from medium.com
January 10, 2021
Transformational opportunity for firms, or tactical trap for the CISO?

Tags: Leadership, COVID19, Cybersecurity

GDPR: When are the regulators going to show their muscles?
Import from medium.com
November 21, 2020
Protecting the Public or Protecting Big Business?… The recent downgrading of fines by the UK ICO for British Airways and Marriott raises…

Tags: Cybersecurity, Leadership, Privacy

The CISO must be — first and foremost — a Leader
Import from medium.com
October 31, 2020
The key challenges of the transformational CISO are not technological, but managerial.

Tags: Cybersecurity, Leadership, Management

A Real-life Take on the Cyber Security Skills Gap
Import from medium.com
September 19, 2020
The security industry must rebuild its narrative to attract more raw talent at all levels

Tags: Management, Cybersecurity, Leadership

Cyber Security: The Lost Decade - 2020 Edition
Import from medium.com
September 19, 2020
Why large organizations still struggle with decade-old security problems — and how to fix them

Tags: Leadership, Cybersecurity, Management

Budgeting for Cyber Security post-COVID: Three Golden Rules for the C-Suite
Import from medium.com
September 05, 2020
This is not just about tech, and there is no tech silver bullet which can buy you cyber resilience

Tags: Leadership, Cybersecurity, COVID19

Cyber Security and the Culture of Alienation
Import from medium.com
August 17, 2020
Empirical, bottom-up and organically developed cyber security functions need to evolve

Tags: Management, Cybersecurity, Leadership

Post-COVID Outlook for Cyber Security: New Normal … Looking a Lot like the Old
Import from medium.com
July 20, 2020
The COVID crisis has not changed the cyber security fundamentals: What will the new normal be like?

Tags: Management, COVID19, Leadership, Cybersecurity

Cyber Security: Beyond a Mere Operational Approach
Import from medium.com
June 19, 2020
The post-COVID winners will be those who treat it strategically now

Tags: Management, Leadership, COVID19, Cybersecurity

Cyber Insurance: Changing Dynamics in a Maturing Market
Import from medium.com
June 01, 2020
Skills and data are building up, leading to less favourable conditions for negligent buyers

Tags: Leadership, Cybersecurity, Management

COVID-19, Cyber Security and the “New Normal”
Import from medium.com
May 01, 2020
It is hard not to see tech, security and privacy coming out stronger.

Tags: Cybersecurity, Privacy, COVID19

Is the Coronavirus killing the GDPR?
Import from medium.com
April 10, 2020
In practice, the COVID-19 crisis has put regulatory powers on hold but as things stand, two forces seem to be at play.

Tags: Leadership, Privacy, COVID19

“Good Security Governance” is not a Piece of Useless Consultant Jargon
Import from medium.com
March 20, 2020
It is an essential protective layer for any organisation.

Tags: Cybersecurity, Leadership, Management

Can you still Afford “not to afford” Cyber Security?
Import from medium.com
February 11, 2020
Large firms with multi-million IT and security budgets should not end up in the mess we have seen with recent ransomware incidents. Period.

Tags: Cybersecurity, Leadership, COVID19

The Real Leadership Challenges around Cyber Security
Import from medium.com
January 16, 2020
The security industry needs to pivot away from “talking about things” onto “getting things done”

Tags: Cybersecurity, Leadership, Management

In Defence of Maturity-based Approaches for Cyber Security
Import from medium.com
January 06, 2020
It doesn’t make sense to oppose maturity & risk-based approaches to cyber security

Tags: Management, Leadership, Cybersecurity

Does the role of the “Virtual CISO“ make any sense?
Import from medium.com
December 08, 2019
Outsourcing something simply because you don’t understand it is rarely a good start.

Tags: Cybersecurity, Management, Leadership

Towards a New Profile for the CISO
Import from medium.com
December 03, 2019
A decade of firefighting has taken its toll on the CISO profession

Tags: Cybersecurity, Management, Leadership

Cyber Security: A Look Across Two Decades
Import from medium.com
November 28, 2019
The Security industry talks a lot about what could go wrong … but not so much about how to improve things

Tags: Cybersecurity, Leadership, Management

The Hard Truth Around Cyber Security Awareness Programmes
Import from medium.com
November 01, 2019
5 key points to drive culture change around cyber security

Tags: Management, Cybersecurity, Leadership

Cyber Security: Revisiting the Questions the Board Should Ask
Import from medium.com
October 19, 2019
One Board member must be in charge and their pay package must ride on it

Tags: Management, Cybersecurity, Leadership

The Impossible Role of the CISO
Import from medium.com
October 01, 2019
Security Organizations must evolve. The CISO cannot be credible on all fronts. A recent comment I read on LinkedIn made me think. It was in response to a post on zero-day vulnerabilities and software patching, and roughly translated from the French, it read as follows: “One day, you stand in front

Tags: Management, Leadership, Cybersecurity

Ransomware: Paying Money to Criminals is not an Ordinary Business Transaction
Import from medium.com
September 07, 2019
Public authorities must step up their game to help SMBs. Ransomware has been on the radar with cyber security professionals for a number of years. At Corix Partners, we wrote about it for the first time 3 years ago in the summer of 2016 following a conference in London at the Institute of Directors h

Tags: Cybersecurity, Leadership, Management

Evolution And The Chief Information Security Officer
Disruption Hub
August 15, 2019
The CISO cannot be credible on all fronts: The traditional role of the CISO must evolve to attract and develop a new generation of leaders into security roles. This is absolutely necessary to address the transversal nature of security – and privacy – matters in large firms, and break the spiral of failure which has plagued cybersecurity for the last decade.

Tags: Cybersecurity, Management, Leadership

The Tactical Trap
Import from medium.com
August 03, 2019
Cyber Security maturity stagnates because many CISOs are structurally prevented from looking beyond day-to-day firefighting. Many CISOs struggle to look beyond day-to-day firefighting and get trapped in tactical games. We highlighted this last year in the context of our “100 Days” series and it is

Tags: Management, Cybersecurity, Leadership

Why are we still facing so many security products and vendors?
Import from medium.com
July 05, 2019
A symptom of the unhealthy relationship between cyber security and large firms. As we reach one of the high points of each year’s conference season, one has to reflect once more on the staggering number of products and vendors active across the cybersecurity space. Once again, they will line up in t

Tags: Cybersecurity, Leadership, Management

Start-ups: Your Most Valuable Asset in the Long Run Will Be the Trust of Your Customers
Import from medium.com
July 05, 2019
Bake it in from the start: “Moving fast and breaking things” will become a thing of the past as customers and investors take security and privacy more and more seriously. It seems that security is still — at best — an afterthought for most start-ups as they go about building their Mini

Tags: Cybersecurity, Innovation, Startups

Active Management of Supplier Risks
ArsiaMons
June 25, 2019
The quality of the customer-supplier relationship is a real growth lever for companies and sometimes essential support in times of crisis. Building a strong, trust-based relationship requires careful management of the risk associated with each of a company's “critical” suppliers.

Tags: Leadership, Risk Management, Supply Chain

What Cyber Resilience is Not About …
Import from medium.com
June 01, 2019
Cyber resilience must not be used to legitimise window-dressing practices around cyber security. Although the theme is gaining momentum, there is a certain amount of confusion around what cyber resilience really means for organisations. For many, it is just anoth

Tags: Management, Leadership, Cybersecurity

Cloud-Native Environments: A Challenge for Traditional Cyber Security Practices
Import from medium.com
June 01, 2019
Blind trust is no longer enough in the era of GDPR. Clouds are those blurred masses of condensed watery vapor floating in the sky whose gloomy nature often leads to questionings around their true physical state. Are they really tangible? Could we touch what we look up to? And above all, is there a di

See publication

Tags: Cloud, Cybersecurity, Leadership

Towards a new model of data ownership?
Import from medium.com
May 10, 2019
In anything but name, data is today’s most used currency.

See publication

Tags: Leadership, Privacy, Startups

IoT Security: A simple matter of common sense for product developers and investors
Import from medium.com
May 10, 2019
Security basics should be part of any MVP. Period. After almost 5 years (at least) of constant media coverage around IoT privacy invasions and security breaches, it is staggering to see some sectors of the tech industry apparently still struggling with those matters. For many analysts, it all boils d

See publication

Tags: Cybersecurity, IoT, Startups

Cyber Security in the “When-Not-If” Era
Import from medium.com
April 06, 2019
No longer just as an equation between risk appetite, compliance requirements and costs. The “When-Not-If” paradigm around cyber-attacks is changing the deal completely around cyber security. Many large organisations now assume that breaches are simply inevitable, due to the inherent complexity of

See publication

Tags: Leadership, Cybersecurity, Management

The Two Factors Killing GRC Practices
Import from medium.com
April 06, 2019
Excessive complexity and lack of first line integration render many GRC metrics useless. Many CISOs complain of communication problems with their business. They are not being listened to. They are not getting the budget they think they should get. They feel their business prioritises against security

See publication

Tags: Cybersecurity, Leadership, Management

Revue TELECOM 190 – Editorial by Jean-Christophe Gaillard and Laura Peytavin
Revue TELECOM
October 01, 2018
While France is championing the theme of artificial intelligence (AI) in 2018, making it the Prometheus of a new digital society, the Cybersecurity group of Télécom Paris Alumni has decided to explore the implications of the “AI” wave in the field of digital security.

See publication

Tags: AI, Cybersecurity, Leadership

The Digital Transformation and the Role of the CISO
Kuppinger Cole
July 09, 2018
Cybersecurity needs to be at the heart of the digital transformation, but organisational models will have to evolve

See publication

Tags: Cybersecurity, Leadership, Management

GDPR: What can we expect up to 25 May and beyond?
ArsiaMons
May 01, 2018
Since last year, the GDPR has been at the centre of discussions in many companies in relation to privacy and personal data protection, their security, the associated risks and the controls to put in place. But the reality remains that the concept of GDPR “compliance” is poorly defined, in spite of what many vendors and consultants, large and less large, would have you believe.

See publication

Tags: Leadership, Management, Privacy

Revue TELECOM 185 - Editorial by Jean-Christophe Gaillard
Revue TELECOM
June 15, 2017
For several months, social networks and the Internet have been flooded with a huge quantity of articles and content on the theme of the GDPR: the new regulation has the capacity to be a real catalyst around personal data protection and security, but it is essential to place it in the right context and to go beyond short-termist clichés.

See publication

Tags: Leadership, Management, Privacy

Bridging the Gap Between IT Security and IT Operations
Infosecurity Magazine
June 09, 2017
Life for a CISO could be better. Too many today look out over a landscape overrun by poorly-deployed security tools consuming too many scarce resources, and a dynamic between IT and security that is skeptical at best and distrustful at worst.

See publication

Tags: Cybersecurity, Leadership, Management

GDPR: A field perspective for tackling the problem
ArsiaMons
March 31, 2017
The simplistic clichés that have invaded social networks around the GDPR must be examined in the light of real values from the field.

See publication

Tags: Leadership, Management, Privacy

Ransomware: 5 practical tips to deal with attacks, and why good practices matter more than ever
FIC
December 14, 2016
Ransomware attacks have become one of the most dominant forms of cyber-attacks over the past few years. For large firms, losses can easily run into the tens of millions by the time everything is added up.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber insurance: What do you think you’re buying?
IoD Director
November 17, 2016
There has been a vast amount of hype around cyber insurance in recent years, and many industry players are jumping on the bandwagon because they perceive it to be a lucrative niche. In reality, the market is still maturing.

See publication

Tags: Cybersecurity, Leadership, Management

Internet of Things, Big Data, Cloud: Taking security and privacy seriously
ArsiaMons
April 06, 2016
The convergence of IoT, Big Data and Cloud Computing technologies has for several years been opening up a very large number of possibilities in terms of new digital products and services. The subject is attracting great interest from the media and investors, which goes beyond conventional media buzz: this type of technological convergence is a rare event that will eventually affect all sectors of industry, and will have a profound transformational effect on the economy in general and on our ways of life.

See publication

Tags: Cybersecurity, Leadership, Privacy

The Board Strikes Back
The New Statesman
February 26, 2016
Responding tactically to cyber threats is not sufficient. Boards now need to step up, argues JC Gaillard, Managing Director of Corix Partners

See publication

Tags: Cybersecurity, Leadership, Management

4 Tips for CIOs to Deal Efficiently with Shadow IT
Information Security Buzz
December 03, 2015
Dealing with Shadow IT embodies the evolution of the role of the CIO, from being primarily a technologist and a problem solver to being an influencer and a risk manager. Thinking about Shadow IT as a “problem” and something that should be banned is not the right start. Embracing it without controls as the way forward is equally wrong. This is just part of a different way of working around technology and security.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security: Board of Directors Need to ask the Real Questions
Information Security Buzz
August 07, 2015
The Board of Directors should not approach Cyber Security purely from a Risk perspective. Risk is ultimately about “things that may or may not happen”. When it comes to Cyber Security, the Board should start from the premise that this is a matter of “when”, not “if” – and should shift the focus towards understanding and managing what is actually getting done to protect the organisation.

See publication

Tags: Cybersecurity, Leadership, Management

How to achieve effective cyber security in a hyperconnected world
Computing
February 25, 2015
JC Gaillard of Corix Partners casts a critical eye over the findings of last year's World Economic Forum research into cyber security

See publication

Tags: Cybersecurity, Management, Leadership

1 Board Membership
Non Executive Director - Strata Security Solutions
Strata Security Solutions
March 01, 2019
Strata delivers joined-up security for infosec teams. By liberating security data from siloes, Strata puts cyber professionals in control and frees up time.

See publication

Tags: Cybersecurity, Leadership, Management

5 Books
Cyber Security: The Lost Decade – 2021 Edition
The Security Transformation Research Foundation
August 31, 2021
Why large organizations still struggle with decade-old security problems - and how to fix them: A selection of key articles from leading expert and consultant JC Gaillard published on the Corix Partners blog since 2015 with updated annual editions released every year since.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Lost Decade - 2020 Edition
The Security Transformation Research Foundation
September 11, 2020
Why large organizations still struggle with decade-old security problems - and how to fix them: A selection of key articles from leading expert and consultant JC Gaillard published on the Corix Partners blog since 2015 and an update to our 2019 edition, including a full new section on the COVID pandemic and its implications.

See publication

Tags: COVID19, Cybersecurity, Leadership

Cyber Security: The Lost Decade - 2019 Edition
The Security Transformation Research Foundation
October 01, 2019
Why large organizations still struggle with decade-old security problems - and how to fix them: A selection of key articles from leading expert and consultant JC Gaillard published on the Corix Partners blog since 2015 and an update to our 2018 edition.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Lost Decade - 2018 Edition
The Security Transformation Research Foundation
November 01, 2018
Why large organizations still struggle with decade-old security problems - and how to fix them: A selection of key articles from leading expert and consultant JC Gaillard published on the Corix Partners blog since 2015 and an update to our 2017 edition.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Lost Decade - A Security Governance Handbook for the CISO and the CIO
The Security Transformation Research Foundation
September 01, 2017
Why large organizations still struggle with decade-old security problems - and how to fix them: A selection of key articles from leading expert and consultant JC Gaillard published on the Corix Partners blog since 2015

See publication

Tags: Cybersecurity, Management, Leadership

5 Coursewares
Cyber Security Leadership: The Corix Partners Library of Articles on Mix
Corix Partners
December 01, 2020

See publication

Tags: Cybersecurity, Leadership, Management

Ethical Leadership and Governance
Scoop.It
January 01, 2019
A reference resource for business leaders, at the intersection of Technology and Digital Transformation Ethics, Data Privacy, Cyber Security, Corporate Governance and Social Responsibility

See publication

Tags: Management, Leadership, Privacy

Artificial Intelligence and Cybersecurity
Scoop.It
July 01, 2018
A key resource on artificial intelligence and cyber security, exploring how AI could transform the way digital assets can be better protected, as well as the emerging threats AI could bring and what they mean for our digital future

See publication

Tags: AI, Cybersecurity, Leadership

Cybersecurity Leadership
Scoop.It
January 01, 2018
A reference resource for the CIO and the CISO on cyber security, looking beyond the technology horizon into leadership, management, culture, governance, resilience and the real dynamics of security transformation

See publication

Tags: Cybersecurity, Management, Leadership

Digital Transformation Leadership
Scoop.It
January 01, 2018
A key resource on the dynamics of digital transformation for CDOs and other senior executives, looking into corporate culture, governance, leadership and management drivers

See publication

Tags: Digital Transformation, Management, Leadership

2 Founders
The Security Transformation Research Foundation
The Security Transformation Research Foundation
September 01, 2017
The Security Transformation Research Foundation is a dedicated think-tank and research body aimed at approaching Security problems differently and producing innovative and challenging research ideas in the Security, Business Protection, Risk and Controls space

See publication

Tags: Cybersecurity, Management, Security

Corix Partners
Corix Partners
August 01, 2011
Corix Partners is a Boutique Management Consultancy Firm focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges. As independent Transformation experts with over 20 years of experience in the field, we help our clients develop strong company-wide Security practices that deliver real and lasting value.

See publication

Tags: Cybersecurity, Leadership, Management

1 Industry Badge
Fellow of the Chartered Institute of Information Security
CIISec
April 01, 2022
The Chartered Institute of Information Security (CIISec) is the only pure play information and cyber security institution to have been granted Royal Charter status and is dedicated to raising the standard of professionalism in information and cyber security.

CIISec provides a universally accepted focal point for the information and cyber security profession. It is an independent not-for-profit body governed by its members, ensuring standards of professionalism for training, qualifications, operating practices and individuals.

See publication

Tags: Cybersecurity, Leadership, Management

1 Industry Council Member
Official Member & Contributor - Forbes Business Council
Forbes
February 04, 2022
Forbes Business Council is an invitation-only community for successful entrepreneurs and business leaders. Members are respected leaders and executives who are selected for the council based on the depth and diversity of experience in leadership, management, customer engagement, technology & growth.

See publication

Tags: Cybersecurity, Leadership, Management

18 Influencer Awards
Expert and Influencer - Who's Who in Cyber Security? - Onalytica
Onalytica
February 23, 2022
This report provides a varied sample of influencers split by persona who create content and talk about Cybersecurity as well as its subsets.

See publication

Tags: Cybersecurity

Influential Voice and Sub-Topic Expert - Who’s Who in Future of Work? - Onalytica
Onalytica
January 27, 2022
This report provides a varied sample of influencers split by persona who create content and talk about Future of Work as well as its subsets.

See publication

Tags: Future of Work

Best 80 Cyber Security Podcasts - The Corix Partners Cyber Security Transformation Podcast
FeedSpot
January 22, 2022
The best Cyber Security podcasts from thousands of podcasts on the web ranked by traffic, social media followers, domain authority & freshness.

See publication

Tags: Cybersecurity

Ranked # 5 - Top 50 Global Thought Leaders and Influencers on Security
Thinkers360
January 09, 2022
Here’s the Thinkers360 live leaderboard for our top 50 global thought leaders and influencers on Security for January 2022. Congratulations to all our thought leaders and experts who participated!

See publication

Tags: Security

Ranked # 50 - Top 50 Global Thought Leaders and Influencers on RPA (September 2021)
Thinkers360
September 19, 2021
Here’s the Thinkers360 live leaderboard for our top 50 global thought leaders and influencers on RPA for September 2021. Congratulations to all our thought leaders and experts who participated!

See publication

Tags: RPA

Ranked # 44 - Top 50 Global Thought Leaders and Influencers on EdTech (September 2021)
Thinkers360
September 04, 2021
Here’s the Thinkers360 live leaderboard for our top 50 global thought leaders and influencers on EdTech for September 2021. Congratulations to all our thought leaders and experts who participated!

See publication

Tags: Edtech

Ranked # 9 - Top 50 Global Thought Leaders and Influencers on Management (August 2021)
Thinkers360
August 21, 2021
Here’s the Thinkers360 live leaderboard for our top 50 global thought leaders and influencers on Management for August 2021. Congratulations to all our thought leaders and experts who participated!

See publication

Tags: Management

Social Amplifier - Risk Management - Onalytica
Onalytica
April 28, 2021
This Who’s Who report provides you with a varied sample of influential voices discussing risk management online. From Event Speakers, Industry KOLs to Researchers & Contributors, this list will help you find experts within the risk management conversation.

See publication

Tags: Risk Management

Key Opinion Leader - Data Management - Onalytica
Onalytica
January 27, 2021
Data management is composed of many different areas and this who's who report focuses on 5 main ones to give a broad overview of solutions.

See publication

Tags: Big Data

Key Opinion Leader - IoT Connectivity - Onalytica
Onalytica
January 13, 2021
This ‘Who’s Who’ report aims to outline the most far-reaching voices creating content and communicating online about the potential of IoT Connectivity.

See publication

Tags: IoT

Key Opinion Leader - RPA - Onalytica
Onalytica
December 03, 2020
This ‘Who’s Who’ report has an important focus on bringing attention to the voices raising awareness and driving solutions within the RPA conversation. From individuals to organisations who are working, speaking and writing within the space.

See publication

Tags: RPA

Ranked # 49 - Top 50 Global Thought Leaders and Influencers on FinTech (June 2020)
Thinkers360
November 28, 2020
Here’s the Thinkers360 leaderboard for our top 50 global thought leaders and influencers on FinTech for November 2020.

See publication

Tags: Leadership

Ranked # 23 - Top 50 Global Thought Leaders and Influencers on COVID-19 Business Impact (June 2020)
Thinkers360
June 13, 2020
Here’s the Thinkers360 leaderboard for the top 50 global thought leaders and influencers on COVID-19 Business Impact for June 2020.

See publication

Tags: COVID19, Leadership, Management

Ranked #11 - Top 50 Global Thought Leaders and Influencers on Privacy (May 2020)
Thinkers360
May 23, 2020
Here’s the Thinkers360 leaderboard for the top 50 global thought leaders and influencers on Privacy for May 2020.

See publication

Tags: Leadership, Management, Privacy

Ranked #4 - Top 50 Global Thought Leaders and Influencers on Risk Management (March 2020)
Thinkers360
March 14, 2020
Here’s the Thinkers360 leaderboard for the top 50 global thought leaders and influencers on Risk Management for March 2020.

See publication

Tags: Leadership, Management, Risk Management

Ranked #3 - Top 50 Global Thought Leaders and Influencers on Cybersecurity (November 2019)
Thinkers360
November 21, 2019
Here’s the Thinkers360 leaderboard for the top 50 global thought leaders and influencers on Cybersecurity for November 2019.

See publication

Tags: Cybersecurity, Leadership, Management

Ranked #30 in the Refinitiv list of Top100 global social media influencers in the financial community
Refinitiv
August 15, 2019
Find out about who's driving social media conversations around disruptive innovation in the finance sector.

See publication

Tags: Fintech, Management, Leadership

Ranked #10 in the ThomsonReuters list of Top 30 Social Influencers on Risk, Compliance and Regtech in the UK
Thomson Reuters
April 24, 2017
Through their use of innovative and disruptive media, these leading 30 individuals contribute to the growth and vibrancy of this fast-moving sector in the UK

See publication

Tags: Fintech, Leadership, Risk Management

14 Media Interviews
Cyber Review: Cybersecurity The Lost Decade
CyberMaterial
May 23, 2022
JC Gaillard talks with Sofia at CyberMaterial and together they review his book "Cyber Security: The Lost Decade" which has now gone through 5 annual editions, and explore why large organisations still struggle with decade-old security problems, and what to do about it

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security: A Top-down Imperative for Schools
Thinkers360
August 02, 2021
JC Gaillard talks to Glaucia Rosas from the Edutec Alliance on how school leaders need to approach cyber security in the wake of the COVID pandemic.

See publication

Tags: Cybersecurity, Edtech, Leadership

The Role of the CISO is at a Crossroad
The Business Transformation Network
March 09, 2021
A Q&A interview with Jean-Christophe Gaillard, Leading Security influencer and Managing Director at Corix Partners, regarding the role of the CISO and how it sits within organisations today.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security and the Board: What’s really going on?
Thinkers360
February 12, 2021
The role of the Board in relation to cyber security is a topic which is widely discussed amongst security communities on social media. We have asked Corix Partners founder and global cyber security influencer JC Gaillard to give us his views on this matter which he has been following closely since 2015.

See publication

Tags: Cybersecurity, Leadership, Management

Thinkers360 Predictions Series – 2021 Predictions for Cybersecurity
Thinkers360
November 08, 2020
Thinkers360 asked a selection of global thought leaders and influencers about their predictions for cybersecurity in 2021. Here’s what they told them…

See publication

Tags: Cybersecurity, Leadership, Risk Management

Cyber Security, Risk, Silver Bullets and Covid-19
The Business Transformation Network
September 01, 2020
A Q&A interview with Jean-Christophe Gaillard, Leading Security influencer and Managing Director at Corix Partners, regarding cybersecurity in an age of COVID.

See publication

Tags: COVID19, Cybersecurity, Leadership

Does the role of the “Virtual CISO“ make any sense? - An interview with leading cybersecurity influencer and founder of Corix Partners, JC Gaillard
Thinkers360
July 22, 2020
Faced by constant reports of cyber-attacks in the media, most small and medium-size organisations have woken up to the reality of cyber threats over the past few years. Many still don’t really know what to do to protect themselves and turn to “virtual CISO” services for assistance. While this is better than doing nothing or relying blindly on the security of cloud providers, those externalised, part-time services – often delivered remotely – are rarely the magic bullet they pretend to be…

See publication

Tags: Cybersecurity, Leadership, Management

The Hard Truth Around Cyber Security Awareness Programs - An interview with Jean-Christophe Gaillard, Managing Director and Founder, Corix Partners
Thinkers360
May 01, 2020
We often hear that “cyber security must be everybody’s responsibility”; what does that mean in practice?

See publication

Tags: Cybersecurity, Management, Leadership

Onalytica: Interview with JC Gaillard - Top influencer in Cyber Security Strategy, Organisation and Governance
Onalytica
April 24, 2020
"I am passionate about helping the cyber security industry move forward. It is shocking to see cyber security maturity levels so low in many firms in spite of the billions spent – collectively – on technical security products across the last two decades. That’s not because those don’t work; it’s because they are rarely properly deployed or used: Too many organisations have been focusing for too long on non-existent quick wins around cyber security, and on technology, instead of putting people and process first. The roadblocks that have been preventing progress are rooted in culture and governance. And endemic corporate short-termism. Cyber security transformation requires a coherent leadership vision, long-term action and relentless drive to succeed."

See publication

Tags: Cybersecurity, Management, Leadership

The State of Cyber Security
CIO Water Cooler
December 16, 2019
David Savage from TechTalks sits down with Jean-Christophe Gaillard on the CIO Water Cooler TV, as he reflects on over 20 years of growth in the cybersecurity sector: How the cybersecurity model has changed from one of risk and compliance to real-life inevitability.

See publication

Tags: Cybersecurity, Management, Leadership

Thinkers360 Predictions Series – 2020 Predictions for Cybersecurity
Thinkers360
November 23, 2019
Having recently published their Top 50 Global Thought Leaders and Influencers on Cybersecurity, Thinkers360 asked a selection of their global influencers about their predictions for Cybersecurity in 2020. Here’s what they told them…

See publication

Tags: Cybersecurity, Management, Leadership

How to win the Fintech talent war
Refinitiv
October 31, 2019
A Fintech talent war is pitching corporations against startups in pursuit of the AI skills required for the digital transformation of financial services. The #RefinitivSocial100 thought leaders discuss hiring, retaining and educating data science talent.

See publication

Tags: Fintech, Leadership, Management

Are We Spending Enough on Cyber?
CyberTalks
June 15, 2019
Jean-Christophe Gaillard, Managing Director and Founder, Corix Partners talks to Karla Reffold on CyberTalks about what makes a good CISO. He explains how the role of the CISO is evolving, how the reporting line should work, & why the "when-not-if" paradigm is changing the game: A good CISO needs to be able to articulate security in the language of all the business stakeholders.

See publication

Tags: Cybersecurity, Leadership, Management

GDPR Cyber Security and Cyber Resilience
Aphaia
April 21, 2017
We discussed GDPR cyber security aspects with Richard Preece and Jean-Christophe Gaillard. The two experts share their views on why GDPR can be a catalyst around data security challenges.

See publication

Tags: Leadership, Management, Privacy

8 Panels
European Cybersecurity Job Market and the Gender Perspective
Kuppinger Cole
November 10, 2020
JC Gaillard, Founder and Managing Director, Corix Partners participated in a panel discussion as part of the Cyber Security Leadership Summit hosted by Kuppinger Cole. The discussion focused on the state of the European cybersecurity job market, the importance of gender diversity and the relevance of the skills gap considerations, as a follow up to JC's presentation in the morning. Other panelists included Rayna Stamboliyska, VP Governance & Public Affairs at Yes We Hack, and the panel was facilitated by Anett Mádi-Nátor, President / Deputy CEO responsible for Strategic Business Development, Women4Cyber Foundation / Cyber Services Plc.

See publication

Tags: Cybersecurity, Diversity and Inclusion, Leadership

#RefinitivSocial100 Perspectives UK Breakfast Roundtable
Refinitiv
September 18, 2019
JC Gaillard, Founder and Managing Director, Corix Partners attended a breakfast roundtable hosted by Refinitiv Head of Innovation Amanda West, and attended by CEO David Craig and Head of Strategy Ben Shepherd. The roundtable focused on fintech and AI, and was also attended by other members of the #RefinitivSocial100 panel: Neira Jones, David Doughty, Steve Cook, Timo Dreger, Liz Lumley, Susanne Chishti, Xavier Gomez and Jim McClelland

See publication

Tags: AI, Fintech, Leadership

Cyber Risk across the Supply Chain
IRT System X
June 25, 2019
JC Gaillard, MD & Founder, Corix Partners, facilitated a panel discussion on cyber risk across the supply chain in Paris on 25th June 2019 at a conference organised by IRT SystemX in collaboration with the French Insurance Federation.

See publication

Tags: Cybersecurity, Leadership, Risk Management

Cyber Security and The Promises of Predictive Risk Analysis
G9+
September 19, 2018
JC Gaillard, MD & Founder, Corix Partners, represented Corix Partners on a panel of experts on 19th September 2018 in Paris at a conference hosted by G9+ Institute and sponsored by Verizon on the theme “Cyber Security and The Promises of Predictive Risk Analysis”

See publication

Tags: Cybersecurity, Leadership, Risk Management

GDPR: The Final Hurdles
Telecom Evolution
December 12, 2017
JC Gaillard, MD & Founder, Corix Partners, animated a panel discussion at a Telecom Paris Talk conference in Paris on 12th December 2017. The event was focused on how to approach the final hurdles towards GDPR compliance with the 25 May 2018 deadline already in sight, and speakers included Claire Levallois-Barth, Garance Mathias, Amandine Kashani-Poor, David Hozé and Patricia del Carmen.

See publication

Tags: Cybersecurity, Leadership, Privacy

Data Protection: Compliance and Governance in the Face of an Exploding Cyber Criminality
G9+
July 04, 2017
JC Gaillard, MD & Founder, Corix Partners, represented Corix Partners on a panel of experts on 4th July 2017 in Paris at a conference hosted by G9+ Institute and sponsored by Verizon on the theme “Data Protection: Compliance and Governance in the Face of an Exploding Cyber Criminality”

See publication

Tags: Cybersecurity, Leadership, Privacy

Ransomware: The evolution of the threat, how firms can protect themselves, and how best to react
FIC
January 25, 2017
JC Gaillard, MD & Founder, Corix Partners, animated a panel discussion at the FIC 2017 conference in Lille, France on 25th January 2017. The panel theme was focused on Ransomware, the evolution of those threats, how firms – large and small – can protect themselves, and how best to react to such incidents.

See publication

Tags: Cybersecurity, Leadership, Management

The Evolution of the Cyber Security Profession in the face of the Digital Transformation of the Enterprise and Society
Telecom Evolution
November 09, 2016
JC Gaillard, MD & Founder, Corix Partners, animated a panel discussion at a Telecom Paris Talk conference in Paris on 9th November 2016. The event was focused on the evolution of the cyber security profession in the face of the digital transformation of the enterprise and society, and speakers included Jean-Marie Lapeyre, CISO EMEA (General Motors), Alain Bouille, CISO (Caisse des Depots), Jean-Claude Laroche, Group CIO (EDF), and Mylene Jarossay, CISO (LVMH).

See publication

Tags: Cybersecurity, Leadership, Management

47 Podcasts
The Corix Partners Cyber Security Transformation Podcast - Series 3 - EPISODE 8 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
June 28, 2022
JC Gaillard reaches the final part in the re-examination of his 2015 series titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to think in terms of process first when architecting a cyber security practice, and not in terms of technical tools

See publication

Tags: Cybersecurity, Leadership, Management

The Corix Partners Cyber Security Transformation Podcast - Series 3 - EPISODE 7 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
June 21, 2022
JC Gaillard reaches the 7th key management pitfall to avoid in his re-assessment of his 2015 series of articles entitled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look at cyber security as a structured practice, and not just a collection of tactical activities and technical projects

See publication

Tags: Cybersecurity, Leadership, Management

The Corix Partners Cyber Security Transformation Podcast - Series 3 - EPISODE 6 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
June 14, 2022
JC Gaillard reaches a key point in his journey through the 8 key management pitfalls for CIOs and CTOs to avoid when building or rebuilding cyber security practices; in this episode, why it is key to see cyber security not just as a technology discipline, and to build it as a cross-silo practice from the start

See publication

Tags: Cybersecurity, Leadership, Management

The Corix Partners Cyber Security Transformation Podcast - Series 3 - EPISODE 5 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
June 07, 2022
JC Gaillard moves onto his 5th key management pitfall to avoid when building or rebuilding effective and efficient cyber security practices; in this episode, why it is key to think in terms of operating model and work with all stakeholders including HR, in the definition and distribution of cyber security accountabilities and responsibilities

See publication

Tags: Cybersecurity, Leadership, Management

The Corix Partners Cyber Security Transformation Podcast - Series 3 - EPISODE 4 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
May 31, 2022
JC Gaillard continues his re-examination of his 2015 series of articles titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look beyond the short term and think in terms of process to drive effective and lasting change

See publication

Tags: Cybersecurity, Leadership, Management

The Corix Partners Cyber Security Transformation Podcast - Series 3 - EPISODE 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
May 24, 2022
JC Gaillard continues exploring and updating his 2015 series on the "CIO Guide to a Successful Cyber Security Practice"; in this episode, why throwing money at the problem is rarely the solution to maturity development around cyber security and why trust is paramount in the relation between the CISO and senior execs

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 3 - EPISODE 2 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
May 17, 2022
JC Gaillard continues to look back at his 2015 article series "The CIO Guide to a Successful Cyber Security Practice" and highlights why risk management alone can no longer be the beating heart of cyber security practices

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 3 - EPISODE 1 - Looking back at "The CIO Guide to a Successful Cyber Security Practice"
Corix Partners
May 10, 2022
JC Gaillard looks back at his 2015 series of articles published on the Corix Partners blog under the title of "The CIO Guide to a Successful Cyber Security Practice"; in this episode, he re-examines the first pitfall to avoid for CIOs and why cyber security cannot just be seen as an "enabler"

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 15 - A Look Back at the log4j Incident
Corix Partners
February 03, 2022
JC Gaillard is joined by Chris Burtenshaw from Strata Security to discuss how the log4j incident unfolded and was handled, and the lessons that can be learnt from the past few months

See publication

Tags: Cybersecurity, Leadership, Management

The Role of the CISO in a Digitally Transformed Organisation
techUK
January 19, 2022
A closer look at the topics covered and recommendations made in the second report in techUK’s Cyber People Series.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 14 - Where Are We Now With GDPR?
Corix Partners
January 11, 2022
JC Gaillard is joined by Cristina Contero from Aphaia to follow up on earlier podcast episodes on GDPR and review what has changed over the past 6 to 8 months since our last podcast on the theme with Bostjan Makarovic

See publication

Tags: Leadership, Management, Privacy

The Cyber Security Transformation Podcast - Series 2 - EPISODE 13 - A Look Back at Cyber Security in 2021
Corix Partners
December 30, 2021
JC Gaillard is joined again by guest Steve Lamb, who animated the launch of the first series of the podcast last year; together they look back at the drivers that have shaped cyber security throughout 2021, and more generally throughout the COVID pandemic

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 12 - Cyber Security, Governance & Risk for the Digital Age
Corix Partners
November 02, 2021
JC Gaillard is joined by Richard Preece, Founder & Director, DA Resilience, to discuss how the pandemic has affected cybersecurity governance, controls appetite and risk management from the Board down, and how exponential changes over the next decade are going to impact those trends

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 11 - Cyber Security, the CISO and the CIO: Seeing it From Both Sides of the Fence
Corix Partners
September 30, 2021
JC Gaillard is joined by Natasha McCabe to discuss the leadership lessons which can be learned from having held both CISO and CIO roles, and having seen cyber security from the two sides of the fence

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 10 - Oscar O'Connor and JC Gaillard on Security Transformation, Covid-19, People and Trust
Corix Partners
August 12, 2021
JC Gaillard is joined by Oscar O'Connor to discuss "Playing the Triangles", his latest piece on the Corix Partners blog: A reflection on business and security transformation dynamics in the post-covid era

See publication

Tags: Cybersecurity, Management, Security

The Cyber Security Transformation Podcast - Series 2 - EPISODE 9 - Looking Back at the Cyber Security Skills Gap: Real Problem or Self-inflicted Pain?
Corix Partners
July 19, 2021
JC Gaillard is joined by Rayna Stamboliyska to look back at the cyber security skills gap, its implications and how to address it through better talent management, clearer career paths and a greater emphasis on diversity

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 8 - The Impact of the COVID Pandemic on Cyber Insurance: What has changed and what to expect?
Corix Partners
July 06, 2021
JC Gaillard is joined by Hani Banayoti from CyberSolace to explore the impact the COVID-19 pandemic has had on the cyber insurance sector and what can be expected going forward in terms of new dynamics

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 7 - Cyber Security Career Paths: How do you bridge between security roles and IT management roles?
Corix Partners
June 15, 2021
JC Gaillard is joined by Alexa Glynn, from Rabobank Australia & New Zealand, to discuss how you transition from security roles into IT management roles and why security professionals don't have to feel condemned to hopping between security jobs

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 6 - GDPR and the Schrems II ruling: Where are we now around data transfers between the EU and the US?
Corix Partners
May 25, 2021
JC Gaillard is joined again by guest Bostjan Makarovic from Aphaia to discuss the impact of the Schrems II ruling on GDPR compliance and data transfers between the EU and the US

See publication

Tags: Cybersecurity, Leadership, Privacy

The Cyber Security Transformation Podcast - Series 2 - EPISODE 5 - IT Security vs. OT Security: What's the state of play?
Corix Partners
April 20, 2021
JC Gaillard is joined by cyber security expert Steven O'Sullivan to explore the issues surrounding IT and OT convergence and their implications for cyber security at large across industry sectors

See publication

Tags: Cybersecurity, Innovation, Leadership

The Cyber Security Transformation Podcast - Series 2 - EPISODE 4 - Observability: What does it really mean for cyber security?
Corix Partners
March 30, 2021
JC Gaillard is joined by Chris Burtenshaw from Strata Security; together they explore the meaning of observability in the cyber security space: Is it just hype over substance? Or is there more to it than meets the eye?

See publication

Tags: Cybersecurity, Innovation, Leadership

The Role of CISO is at a Crossroads
The Business Transformation Network
March 16, 2021
Why is the role of the CISO at a crossroads? This episode of The BTN podcast is a conversation with Jean-Christophe Gaillard, Founder and Managing Director at Corix Partners, looking at the role of CISO in modern businesses, how the role has changed, the interdependence between the CSO and CISO and much more.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 3 - Where are we now with GDPR?
Corix Partners
March 09, 2021
JC Gaillard is joined by Bostjan Makarovic from Aphaia for a great discussion on GDPR, the size of fines and role of regulators, the risk of irrelevance they may face if they keep things imbalanced, and the impact of the Schrems II ruling

See publication

Tags: Leadership, Management, Privacy

Where should the CISO role sit in an organisation to be most effective?
techUK
March 01, 2021
A closer look at the recommendations made in the techUK "CISO at the C-Suite" report published in December 2020, with key contributors Jean-Christophe Gaillard and Jason Tooley.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - Series 2 - EPISODE 2 - Resilience: What Does It Really Mean in Business Terms?
Corix Partners
February 25, 2021
JC Gaillard is joined by experienced operational resilience consultant Nick Simms to explore what resilience really means in business terms and where cyber resilience needs to fit within a broader business resilience framework

See publication

Tags: Business Continuity, Cybersecurity, Leadership

The Cyber Security Transformation Podcast - Series 2 - EPISODE 1 - How to Frame the Cyber Security Conversation at Board Level?
Corix Partners
February 16, 2021
JC Gaillard is joined by Richard Preece, director of DA Resilience, to explore how best to frame the conversation at Board level around cyber security in order to engineer effective and efficient engagement and top-down dynamics

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 20 - What did we learn about cyber in the crazy year that was 2020?
Corix Partners
December 11, 2020
By any account the last year has been crazy. So much had to change so quickly and that included cyber security. In this episode we discuss the key lessons learned about security and privacy.

See publication

Tags: COVID19, Cybersecurity, Leadership

Cybersecurity, Risk, Silver Bullets and COVID-19
The Business Transformation Network
December 08, 2020
"This isn't just about risk anymore." This episode of The BTN podcast is a conversation with Jean-Christophe Gaillard, Founder and Managing Director at Corix Partners, on cybersecurity and risk, silver bullets and the effects of COVID-19. This conversation looks at cybersecurity in displaced organisations, the relationship between risk and cybersecurity, the impact of COVID-19 on the state of businesses' cybersecurity and much more.

See publication

Tags: COVID19, Cybersecurity, Risk Management

The Cyber Security Transformation Podcast - EPISODE 19 - Digital transformation: Is the role of the CISO becoming an outdated concept?
Corix Partners
November 27, 2020
COVID has led many organizations to rush their provision of remote access to their employees and many have accelerated their digital transformation programmes. We discuss the role of the CISO in this context.

See publication

Tags: Cybersecurity, Digital Transformation, Leadership

The Cyber Security Transformation Podcast - EPISODE 18 - Ransomware: Why is defense in depth so important?
Corix Partners
November 20, 2020
We discuss a recent survey that reveals the continued prevalence of ransomware and the shocking amount that organizations typically pay.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 17 - How to embed security and privacy on the board agenda?
Corix Partners
November 13, 2020
In this episode we discuss the need for top down engagement by the board to bring life into the security and privacy strategy of their organisation. We look at the importance of embedding these important considerations into the Environmental, Social and Governance (ESG).

See publication

Tags: Cybersecurity, Leadership, Privacy

The Cyber Security Transformation Podcast - EPISODE 16 - GDPR: When are the regulators going to show their muscles?
Corix Partners
November 06, 2020
Following the recent announcement from the ICO of significantly reduced fines for BA and Marriott the question has to be asked "Where are the landmark cases of fines in the order of 4% of revenue for huge scale breaches?". Clearly during the pandemic the travel and hospitality industries are under great financial strain but since GDPR came in over two years ago there haven't been any fines that have been anywhere near the expected magnitude.

See publication

Tags: Cybersecurity, Leadership, Privacy

The Cyber Security Transformation Podcast - EPISODE 15 - From Cyber Security Awareness to Genuine Cultural Change: What do you need to make this work?
Corix Partners
October 23, 2020
We’re joined by Zsuzsanna Berenyi from the London Stock Exchange Group who shares her experience on how to drive cultural change to embed security awareness into organizations.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 14 - Where are we with Cyber Insurance?
Corix Partners
October 16, 2020
In this episode we are joined by Hani Banayoti (hani.banayoti@cybersolace.co.uk) from Cyber Solace to discuss the ways in which the cyber insurance market has changed over the last ten years. We look at the drivers towards organisations choosing to pay for cyber insurance, its role in helping them keep the lights on if they are breached and the trends with regard to ransomware and GDPR.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 13 - Why it’s important for CISOs not to get lost firefighting
Corix Partners
October 09, 2020
Incoming CISOs clearly have to identify and put out fires. In this episode we discuss why many CISOs get stuck in this phase. We look at ways to enable transformative change.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 12 - Why Should Security and Privacy be Included in the MVP of Startups
Corix Partners
October 02, 2020
We discuss why it’s important to think carefully about how to ensure the Minimum Viable Product (MVP) software written by startups pays attention to the requirements of privacy and security

See publication

Tags: Cybersecurity, Innovation, Startups

The Cyber Security Transformation Podcast - EPISODE 11 - How to Address the Proliferation of Security Tools
Corix Partners
September 25, 2020
Chris Burtenshaw, CEO of Strata Security joins us to discuss how many organizations have far too many security products and how to address the complexity and management overhead they often bring.

See publication

Tags: Cybersecurity, Innovation, Leadership

The Cyber Security Transformation Podcast - EPISODE 10 - Cyber Security Skills Gap - What Skills Gap?
Corix Partners
September 11, 2020
We discuss the extent to which there are opportunities in the cyber industry and how to encourage people to join

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 9 - Where are we with GDPR?
Corix Partners
September 04, 2020
Given the financial strain caused by COVID-19 which has been especially severe on the hospitality and airline sectors the likelihood of large fines being imposed on Marriott and BA looks low - what does this mean for compliance?

See publication

Tags: Cybersecurity, Leadership, Privacy

The Cyber Security Transformation Podcast - EPISODE 8 - Is it the right time to adopt Zero Trust Networking?
Corix Partners
August 14, 2020
Zero Trust Networking promises much and is being touted extensively... how much sense does it make at the moment?

See publication

Tags: COVID19, Cybersecurity, Leadership

The Cyber Security Transformation Podcast - EPISODE 7 - Ransomware: Key Elements to Bear in Mind and How to Respond
Corix Partners
August 07, 2020
The threat to business continuity posed by malicious actors using ransomware isn’t new but it’s causing pain to many. The most recent high profile attack was on Garmin - a company Steve relies upon to help with his marathon training

See publication

Tags: Cybersecurity, Management, Leadership

The Cyber Security Transformation Podcast - EPISODE 6 - The Importance of Data Privacy
Corix Partners
July 24, 2020
In this episode we discuss the need for privacy to be carefully considered and for appropriate controls to be applied together with the challenges for GDPR regulators in light of the COVID pandemic.

See publication

Tags: Cybersecurity, Leadership, Privacy

The Cyber Security Transformation Podcast - EPISODE 5 - Does the Role of the Virtual CISO Make Any Sense?
Corix Partners
July 17, 2020
Faced by constant reports of cyber-attacks in the media, most small and medium-size organisations have woken up to the reality of cyber threats over the past few years. Many still don’t really know what to do to protect themselves and turn to “virtual CISO” services for assistance. While this is better than doing nothing or relying blindly on the security of cloud providers, those externalised, part-time services – often delivered remotely – are rarely the magic bullet they pretend to be…

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 4 - The Hard Truth Around Cyber Security Awareness Programmes
Corix Partners
July 10, 2020
In this episode, we discuss how to bring constructive change by culture and top down leadership

See publication

Tags: Cybersecurity, Management, Leadership

The Cyber Security Transformation Podcast - EPISODE 3 - The Tenure of CISOs
Corix Partners
July 03, 2020
We discuss the likely reasons for the trend towards CISOs having short tenure

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Security Transformation Podcast - EPISODE 2 - Ensuring Security and Privacy for Bespoke Software
Corix Partners
June 26, 2020
We discuss the challenges of ensuring that code that’s written either in-house or commissioned from a third party follows the Security Development Life Cycle

See publication

Tags: Cybersecurity, Leadership, Risk Management

The Cyber Security Transformation Podcast - EPISODE 1 - COVID-19, Cyber Security and Budgets
Corix Partners
June 19, 2020
A weekly independent podcast with a different take on what’s happening in the cyber security industry: Drawing on decades of real-life experience, JC Gaillard, Steve Lamb and their guests share their views in a weekly podcast on both the interesting news stories and their own experiences of the week.

See publication

Tags: Cybersecurity, Leadership, COVID19

3 Quotes
15 Ways To Leverage And Supplement AI In Your Cybersecurity Efforts
Forbes
May 05, 2022
Leaders need to ensure that sensitive information cannot be breached and that important data remain protected. Artificial intelligence can be an incredibly helpful tool in a company's arsenal for warding off cyber threats. A panel of Forbes Business Council members named 15 things a business leader can do to leverage and supplement AI capabilities for cyber security.

See publication

Tags: Cybersecurity

On A Budget? Follow These 15 Affordable Content Marketing Strategies
Forbes
April 27, 2022
To help entrepreneurs maximize their efforts without breaking the bank, 15 members of Forbes Business Council shared their most engaging, affordable content marketing strategies to try out.

See publication

Tags: Marketing

Fortune 500 CISOs Play Musical Chairs
Cybercrime Magazine
August 27, 2021
Surging damages from cybercriminal attacks have driven the salaries of information security officers (CISOs) through the roof, with some companies offering seven-figure salaries to attract the right talent. So why is it so hard to keep CISOs in the job?

Jean-Christophe Gaillard, managing director and founder of management consultancy firm Corix Partners, believes many CISOs have suffered from a lack of role definition and support by company executives that are often all too happy to leave the CISO holding the bag when things go wrong.

“Many CISO positions were created in response to rampant cyber threats across the last decade in industries which never had such roles in place,” he argues.

“They were created tactically with the operational objective of preventing breaches, by senior executives who didn’t really understand the context and the transversal complexity involved in the cyber protection of large organizations.”

This had left CISOs fighting perpetually in reactive mode, and prevented them from developing the leadership and management skills needed to make the CISO role more strategic and high-level.

“Many CISOs struggled with limited resources and constant attacks, and never managed to build a meaningful narrative with management beyond mere firefighting,” Gaillard explains. “They were prevented from developing the softer skills, the personal gravitas, the political acumen, which are key to delivering complex initiatives in large firms.”

See publication

Tags: Cybersecurity

6 Speaking Engagements
Cyber Security: A Look Across Two Decades - Cyber Security Leadership Summit, Berlin, Germany - Nov 12-14 2019
Kuppinger Cole
November 14, 2019
Research released by The Security Transformation Research Foundation at the Cyber Security Leadership Summit in Berlin on 12-14 November 2019, highlights significant trends in the way the language of security has evolved across the last 2 decades.

See publication

Tags: Cybersecurity, Management, Leadership

Security and Privacy in the "When-Not-If" Era - EIC 2019, Munich, Germany - May 14-17 2019
Kuppinger Cole
May 15, 2019
Beyond a mere equation between risk appetite, compliance and costs, cybersecurity is becoming a matter of good corporate governance, good ethics, and quite simply – good business. The Board, which is ultimately accountable for cyber resilience, must own it and drive it as a key pillar of any firm's Environmental, Social and Governance (ESG) strategy

See publication

Tags: Cybersecurity, Management, Leadership

Three Factors Marginalising the Historical Role of the CISO - Cyber Security Leadership Summit, Berlin, Germany - Nov 12-14 2018
Kuppinger Cole
November 14, 2018
Far from being reinforced by the constant avalanche of cyberattacks and data breaches of the past few years, the CISO role is still rarely a true C-level function and is being marginalised by a number of long term trends: Is the CISO an outdated concept? And what to do about it?

See publication

Tags: Cybersecurity, Management, Leadership

Why are we still talking about the reporting line of the CISO? - SASIG, London, UK - May 8 2018
SASIG
May 08, 2018
Why are so many organisations and security professionals still worried about the reporting line of the CISO? This is one of the oldest and most consistent debates agitating the security industry, and it looks far from resolved.

See publication

Tags: Cybersecurity, Leadership, Management

"Rethinking and Rewiring Infosec": How Large Firms Must Approach Cyber Security Challenges - Digital Finance World, Frankfurt, Germany - Feb 28 / Mar 1 2018
Kuppinger Cole
February 28, 2018
Looking back at the cybersecurity events of the last year, what they can teach us from a management perspective, and how to build an effective and efficient cybersecurity practice for the current age, looking beyond the technology horizon, into strategy, governance, corporate culture and the real dynamics of transformation

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security Organisation and Governance > Rethinking and Rewiring Infosec - London, UK - Sep 28 2017
CIO Water Cooler
September 28, 2017
It is true that it is one thing – complex enough – to lead and deliver the cyber security transformation of an organisation that has reached the point where it knows it needs to change, but it is another one – equally complex – to create the condition for such realisation to take place.

See publication

Tags: Cybersecurity, Management, Leadership

10 Videos
How to manage the mounting cyber security technical debt?
Corix Partners
June 23, 2022
Watch a replay of this video presentation on 23 June 2022 at the Digital Leaders Week

With survey after survey highlighting the toll taken by toolkit proliferation on SOC efficiency and analysts' mental health, have we come to the point where organisations have to stop buying more tech for the sake of it and start focusing on the decluttering of their cyber security landscape?

JC Gaillard and Chris Burtenshaw from Strata Security explore the dynamics which have driven large organisations over the past 2 decades towards buying more and more security tech, and what can be done today to help them make the most of what they have, in a context of escalating threats and increasing skills scarcity

See publication

Tags: Cybersecurity, Leadership, Management

The CybersecurityInsider Episode 26 - JC Gaillard - Founder & Managing Director - Corix Partners
The CybersecurityInsider
January 19, 2022
Yigal and JC look back at a number of cybersecurity subjects ranging from security in the Cloud, to Supply Chain & MSP, Digital Transformation, Shadow IT and much more...

See publication

Tags: Cybersecurity, Leadership, Management

Looking Back at the Reporting Line of the CISO
Corix Partners
November 14, 2021
Watch a replay of my talk on 11 November 2021 at the Cyber Security Leadership Summit 2021 here on the Corix Partners YouTube channel

The reporting line of the CISO seems to be one of the oldest topics of discussion amongst cyber security professionals, but why are we still here talking about it?

The right reporting line is the one that works. Period.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security: The Operational Illusion
Corix Partners
November 11, 2021
Watch a replay of my talk on 11 November 2021 at the Cyber Security Leadership Summit 2021 here on the Corix Partners YouTube channel

Security culture and governance eat tech for breakfast: Only the embedding of security values in corporate culture and corporate governance can drive the transformative efforts around cyber security, that will lead ultimately to effective cyber resilience.

See publication

Tags: Cybersecurity, Leadership, Management

The Cyber Pro Podcast Episode 121 - JC Gaillard - Founder and Managing Director - Corix Partners
The CyberPro Podcast
August 31, 2021
Jean-Christophe looks back at transformational dynamics across the cyber security industry and why defence in depth is key to face current threats

See publication

Tags: Cybersecurity, Leadership, Management

In Conversation with JC Gaillard, Cybersecurity Specialist and Founder of Corix Partners
Edutec Alliance
August 17, 2021
Watch JC Gaillard talk to Glaucia Rosas from the Edutec Alliance about the importance for school leaders to understand cyber issues that can affect schools, and share corporate best practices that they can adopt to avoid data breaches and ransomware attacks.

See publication

Tags: Cybersecurity, Edtech, Leadership

The Cyber Security Skills Gap: Real Problem or Self-Inflicted Pain?
Corix Partners
November 10, 2020
Watch a replay of my talk on 10 November 2020 at the Cyber Security Leadership Summit 2020 here on the Corix Partners YouTube channel

You don’t have to go far these days to find security professionals complaining about skills shortages, and countless media outlets relaying their views. But there are at least two sides to this argument and the situation requires a more balanced approach. The security industry needs to rebuild its narrative to attract more raw talent at all levels.

See publication

Tags: Cybersecurity, Leadership, Management

Budgeting for Cyber Security post-COVID: Three Golden Rules for the C-Suite
Corix Partners
October 14, 2020
Watch a replay of my talk on 14 October 2020 at the Digital Leaders Week here on the Corix Partners YouTube channel

The COVID crisis is presenting most businesses with unprecedented situations – for good, bad or worse. One thing the pandemic has not pushed off the radar, is cyber security. As a matter of fact, the volume of cyber-attacks increased to “alarming levels” according to Interpol during the heart of the crisis. For businesses now totally dependent on remote working, e-commerce or digital supply chains, a serious security breach is the last thing they want… CEOs, CFOs and CIOs should not jump to ready-made conclusions around cyber security ahead of their next budgeting round. The talk is focused on three golden rules for them to consider as they plan ahead.

See publication

Tags: COVID19, Cybersecurity, Leadership

The State of Cyber Security
CIO Water Cooler
December 16, 2019
David Savage from TechTalks sits down with Jean-Christophe Gaillard on the CIO Water Cooler TV, as he reflects on over 20 years of growth in the cybersecurity sector: How the cybersecurity model has changed from one of risk and compliance to real-life inevitability.

See publication

Tags: Cybersecurity, Leadership, Management

Are we spending enough on Cyber Security?
Corix Partners
June 15, 2019
Jean-Christophe Gaillard, Managing Director and Founder, Corix Partners, talks to Karla Reffold about what makes a good CISO. He explains that companies are now asking “Are we spending enough on Cyber Security?” and that a good CISO needs to be able to articulate security in the language of all the business stakeholders.

See publication

Tags: Cybersecurity, Privacy, Risk Management

7 Webinars
From Cyber Security to Cyber Resilience
Telecom Paris Alumni
April 13, 2022
Co-facilitation of this webinar with Telecom Paris Alumni on cyber resilience, what it means in relation to cyber security, how it can be articulated with enterprise operational resilience, and why it has surged to such prominence over the past 2 years

See publication

Tags: Cybersecurity, Leadership, Management

Organization Reporting Lines to Optimize Information Security
Association for Data and Cyber Governance
October 27, 2021
Watch a replay of this Webinar organised in partnership with the Association for Data and Cyber Governance on 27 October 2021 here on the Corix Partners YouTube channel

The topic of the reporting line of the CISO is probably one of the oldest topics of discussion amongst cyber security communities. But why are we still here talking about it? JC Gaillard, from Corix Partners, looks back at his experience of over 20 years on the matter and his various publications on the theme and explains why the right reporting line is key to success for the CISO but separation of duties considerations cannot rule alone.

See publication

Tags: Cybersecurity, Leadership, Management

Maximising Infosec Efficiency Post COVID-19
Strata Security
June 11, 2020
A webinar exploring how post COVID-19, with more remote working, it has become more crucial than ever to manage security efficiently across rapidly shifting environments.

See publication

Tags: Cybersecurity, Leadership, COVID19

Digital Footprint: Opportunity or Vulnerability?
Telecom Paris Alumni
April 30, 2020
Co-facilitation of this webinar with Telecom Paris Alumni on cyber threats and how they can target and use your digital footprint to cause harm

See publication

Tags: Cybersecurity, Leadership, Management

COVID-19, Remote Working and Cyber Attacks: What really matters...
CIO Water Cooler
April 15, 2020
A Q&A session in the light of the COVID-19 crisis, with CIO Water Cooler Expert Contributor and Corix Partners founder JC Gaillard, and ex PwC consultant and head of cyber consulting for Europe at Rapid7 Steve Lamb

See publication

Tags: Cybersecurity, Management, Leadership, COVID19

Cyber Security and Remote Working: The Best Practices to Adopt
Telecom Paris Alumni
April 05, 2020
The vast majority of us are now working remotely: Faced with an avalanche of advice of all kinds on the subject, what really matters to secure our new work practices and what are the good reflexes to adopt?

See publication

Tags: COVID19, Cybersecurity, Leadership

The end of IT security as we know it
1E
June 28, 2017
We need to improve IT security, while speeding up responsiveness to business demands. All too often, IT Security is viewed as an impediment. It seems that the extreme choices are to have fluid business operations that are wide open to attack or to have highly secure businesses that are slowed down by the weight of complex security measures. Forrester’s call for a “Zero Trust” environment will cripple normal business operations unless the ability to permit access to data and systems is automated to a degree where security doesn’t get in the way of business operations and “fluidity”. As IT professionals, we need to find the middle ground.

See publication

Tags: Cybersecurity, Leadership, Management

18 Whitepapers
The Cyber Security Skills Gap: Real Problem or Self-inflicted Pain?
Corix Partners
December 15, 2021
You don’t have to go far these days to find security professionals complaining about skills shortages, and countless media outlets relaying their views.

But there are at least two sides to this argument and the situation requires a more balanced approach. The security industry needs to rebuild its narrative to attract more raw talent at all levels.

See publication

Tags: Cybersecurity, Leadership, Management

The Role of the CISO in a Digitally Transformed Organisation
techUK
December 02, 2021
techUK launches the second report in its Cyber People Series. The Role of the CISO in a Digitally Transformed Organisation highlights the complexities surrounding the role of the Chief Information Security Officer (the CISO). In this new report, we explore what the CISO should be focusing on in an era where every organisation is a technology organisation, as well as touching on the key attributes of a successful CISO – leadership, strategy, technical, and governance.

See publication

Tags: Cybersecurity, Leadership, Management

The Way Forward with Cyber Security Target Operating Models: A Plan of Approach for Senior Executives
Corix Partners
November 08, 2021
Many large organisations across all industries face the same challenges around cybersecurity and privacy: Growing regulatory demands, compounded by escalating cyber threats and skills shortages, and a business landscape dominated by the COVID pandemic and its aftermath.

Very often, their cyber security operating model has simply grown organically over the years and needs re-engineering or re-structuring:

- to bring it in line with evolving regulatory frameworks;
- to align it with industry best practices in terms of three lines of defence and risk management;
- and fundamentally, to give senior executives assurance that their business remains adequately protected from cyber threats across people, process and technology levels.

So what are the best ways to move forward with a cyber security operating model re-engineering programme?

See publication

Tags: Cybersecurity, Leadership, Management

Cross Industry Best Practice Benchmarking for Schools
Edutec Alliance
July 07, 2021
Delighted to have had the opportunity to contribute the cyber security section of the guide. The guide is designed to assess how well schools are doing against global best practice in terms of strategy, people, process, applications ecosystem, technology infrastructure, data, cyber security and project management.

See publication

Tags: Cybersecurity, Edtech, Leadership

The CISO at the C-Suite
techUK
December 14, 2020
The first report in this techUK Cyber People Series explores how CISOs should engage at C-Suite and Board level. As cyber security increasingly underpins and enables business growth across all sectors, and enables the Fourth Industrial Revolution to gather pace, the CISO function must seek to educate, garner and leverage support from the C-Suite and Board levels to drive change across their organisations.

See publication

Tags: Cybersecurity, Leadership, Management

Building a Vendor Risk Management Practice that Delivers Real Value
Corix Partners
November 20, 2020
A totally updated version of our 2015 white paper on this topic.

As the COVID crisis makes most businesses dependent on third-parties and cloud services, keeping a firm grip on vendor risk becomes essential.

More than ever before, keeping things simple, working in the context of each relationship and focusing efforts on key vendors are fast becoming key success factors for any vendor risk management programme.

See publication

Tags: Cybersecurity, Leadership, Risk Management

Cyber Security: Not just an Equation between Risk Appetite, Compliance and Costs
Corix Partners
November 16, 2020
An update to the 2019 version of this white paper, originally published in collaboration with The Security Transformation Research Foundation.

The COVID crisis has changed very little around the cyber security fundamentals, and established good practices – some known for decades – continue to provide protection, as long as they are properly implemented across the real depth and breadth of the modern enterprise.

But the pandemic has made most businesses and most of us heavily dependent on digital services, which in turn rely entirely on digital trust.

Now more than ever, cyber security – as a cornerstone of digital trust – is becoming a matter of good corporate governance, good ethics, and quite simply – good business.

See publication

Tags: Cybersecurity, Leadership, Risk Management

Cyber Insurance: Changing Dynamics in a Maturing Market
Corix Partners
May 11, 2020
A look back at our 2016 analysis of the Cyber Insurance market, its drivers and its blockers for insurers, regulators and clients.

See publication

Tags: Cybersecurity, Leadership, Risk Management

COVID-19, Remote Working and Cyber Attacks
Corix Partners
April 06, 2020
The COVID-19 pandemic has forced governments to introduce a degree of social distancing which makes people entirely reliant on digital services.

Remote working creates new security imperatives around the way staff collaborate and share information (and around the way cyber security teams need to operate). At the same time, cyber criminals are targeting the disorganisation created by the crisis and negligent practices, and cyber threats are at an all-time high.

More than ever, good security and privacy practices are key to KEEPING THE LIGHTS ON.

See publication

Tags: Cybersecurity, Management, Leadership, COVID19

Security Dashboards, Metrics and Data - Management Insights to see through the Maze
The Security Transformation Research Foundation
February 20, 2020
Communicating and driving real engagement with senior stakeholders around cyber security has always been one of the most complex aspects of the CISO role.

As digital estates become increasingly complex, attack surfaces are multiplied, and most organisations face the same challenge: How do we make sense of the data we have to protect ourselves from cyber threats and drive real action around cyber security?

The Security Transformation Research Foundation, together with Corix Partners, Strata Security and a number of experts, have analysed the complex interactions between security data, metrics and dashboards and offer a number of management insights in a whitepaper which can be downloaded here.

See publication

Tags: Cybersecurity, Leadership, Management

Cyber Security: A Look Across Two Decades
The Security Transformation Research Foundation
November 07, 2019
Research by The Security Transformation Research Foundation highlights significant trends in the way the language of security has evolved across the last 2 decades. The Foundation analysed the semantic content of 17 annual “Global Information Security Surveys” from leading firm EY, spanning the period 2002-2018. By looking at the frequency of keyword markers and how those frequencies have evolved over time, the research reveals a clear demarcation between 2 periods.

See publication

Tags: Cybersecurity, Management, Leadership

Cyber Security: Not just an Equation between Risk Appetite, Compliance and Costs
The Security Transformation Research Foundation
January 15, 2019
Cyber security is becoming a matter of good corporate governance, good ethics, and quite simply – good business > Key factors for boards and executive management to consider in 2019

See publication

Tags: Cybersecurity, Leadership, Privacy

GDPR: What to expect up to May 25th and beyond
The Security Transformation Research Foundation
February 01, 2018
Faced with widespread non-compliance, the attitude of regulators will be key > Key factors for boards and executive management to consider in 2018

See publication

Tags: Management, Leadership, Privacy

GDPR: A Catalyst to Drive Real Action around Privacy and Security
Corix Partners
March 30, 2017
Firms should not focus simply on deadlines, but on creating genuine long-term transformational dynamics

See publication

Tags: Leadership, Management, Privacy

Cyber Insurance: Potential Buyers Should Act With Care Over The Mid-Term
Corix Partners
November 24, 2016
The Lack of Skills and Reliable Data are still Key Market Constraints

See publication

Tags: Cybersecurity, Leadership, Management

Cloud Computing : Here to Stay … but Transparency is Key for Vendors as Regulation tightens
Corix Partners
October 01, 2016
The Key Questions CIOs should ask when evaluating a Cloud solution today

See publication

Tags: Cloud, Digital Transformation, Leadership

Internet of Things, Big Data, Cloud: Take Security and Privacy seriously to stay in the game
Corix Partners
December 03, 2015
The convergence of IoT, Big Data and Cloud Computing technologies is opening up a very large number of possibilities in terms of new digital products and services. But for the short-term, at the intersection of technologies and in the midst of the proliferation of (often immature) use cases, the privacy of consumers has become vulnerable. And fundamental cybersecurity principles – if ignored – will lead to breaches and data losses that may damage further consumer confidence.

See publication

Tags: Cybersecurity, Leadership, Privacy

Building a Vendor Risk Management practice that delivers real value
Corix Partners
December 01, 2014
Don’t focus on Risk; focus on Controls and on agreeing and tracking remedial actions with key Vendors > A guide for Programme Managers

See publication

Tags: Supply Chain, Leadership, Risk Management

Radar

1 Trend
Cyber Security Focus to Shift from Risk Management & Firefighting towards Transformation & Execution

Date: July 30, 2020

As we look towards the next decade, the Security industry must pivot towards a clearer execution focus: Security cannot be seen any more JUST as a matter of risk appetite or as a box-checking exercise; equally, constant firefighting is no longer sufficient as the “when not if” paradigm takes root in the boardroom and senior executives demand real results, often in exchange for very significant investments. Security must become a delivery imperative, and where existing maturity levels are low, the CISO must become a true transformational leader.

See Radar

Blog

31 Article/Blogs
A Different Take on The Short Tenure of the CISO
Thinkers360
June 22, 2022

The short tenure of the CISO is a topic which is widely discussed amongst security communities on social media. A number of surveys place it in the region of 2 to 3 years, but looking beyond stress, burnout, and scapegoating theories, what is really going on?

We have asked Corix Partners founder and global cyber security influencer JC Gaillard to give us his views on this matter, which he has been following closely for a number of years.

 

The short tenure of CISOs has been the subject of many articles recently; what do you think is really going on?

You are right; there is a lot of material on the theme out there… This good piece from Dan Lohrmann on GovTech last year in particular made me think (Why Do Chief Security Officers Leave Jobs So Often? – 28 Feb 2021) and was one of the starting points of my analysis and reflexion on the topic.

Overall, Dan’s analysis is comprehensive and the negative undertones he mentions behind the short tenure of CISOs match those in the ClubCISO 2020 Information Security Maturity Report – for example – on which we had already commented in 2020.

Still, I would frame the topic slightly differently, and I think an element of reflexion is also required on the impact the short tenure of CISOs is having on the security industry at large and the evolution of the cyber security maturity of large firms.

First of all, many firms, which never had a CISO before, have opened up new positions across the last decade, and demand is strong from industry sectors which were never real players in the security space.

When I started attending security conferences over 20 years ago, most of my peers were in Finance, big Pharma, or the Energy sector; regulated industries or industries where security has always worked hand in hand with safety, and where safety has always been a pillar of the culture of the sector.

Today, most industry sectors have some form of security practice in place. Recruitment activity around CISO roles is significant and profitable for recruiters. There is a significant shortage of quality management profiles in that space; salaries are high and are on the rise.

To put it simply, good CISOs get head-hunted - at least around me. Some offers are just “too good to turn down” and a number of them simply “follow the money”.

But for others, things are rarely as straightforward, and here I would go back to Dan’s analysis: The decision to change jobs is often rooted in a negative context, and the call from the recruiter is just the catalyst which starts the process. Again, that was clear already in the ClubCISO 2020 Information Security Maturity Report: Out of the seven responses presented by the report to the question “Why did you leave your last role?” (p. 19), five are clearly and unambiguously negative: From the shocking “not seeing eye to eye with senior leadership”, to “spending too much time firefighting”, “not being compensated sufficiently”, “being frustrated by the organisation’s approach to security”, or “not having enough resources or support to succeed”.

Clearly, CISOs don’t seem to be a very happy bunch, and their frustration appears to be rooted in some form of disconnect with their management.

 

Where do you think this disconnect is coming from?

Many CISO positions were created in response to rampant cyber threats across the last decade in industries which never had such roles in place. They were created tactically with the operational objective of preventing breaches, by senior executives who didn’t really understand the context and the transversal complexity involved in the cyber protection of large organisations.

It created situations where many CISOs struggled with limited resources and constant attacks, and never managed to build a meaningful narrative with management beyond mere firefighting.

They might have hopped from job to job, but they carried the problem with them, and over the past decade, many CISOs have not been able to develop the leadership and management skills which they would need to elevate the role to the next level.

And in parallel, expectations from management have changed. In the face of constant breaches in the news, the penny has finally dropped in many boardrooms and the “when-not-if” paradigm around cyber-attacks has taken root. Many boards have reached the point where they are ready to make very significant transformative investments around cyber security, but in exchange, would demand faultless execution and delivery from their CISO.

That’s what is putting many CISOs under unbearable pressure, because over the past decade, they have been prevented – by constant firefighting – from developing the softer skills, the personal gravitas, the political acumen, which are key to delivering complex initiatives in large firms.

 

How short is the “short tenure” of the CISO? And what impact does it have on the cyber security industry at large?

A survey by Nominet estimated it at 26 months in 2020. Anecdotal evidence from my network seems to back this up: Having analysed the LinkedIn profiles of 15 of my contacts currently in CISO positions, I have reached the figure of 30 months, each having held 3 different CISO positions on average throughout their career.

It is time to start recognising the impact this CISO “merry-go-round” has had on the security industry over the past decade and on the evolution of security maturity in large firms.

You achieve very little in large organisations in 2 to 3 years, certainly very little that could have a lasting transformative impact – if that’s what’s required.

At best you kick-start some projects, but each CISO comes in with their own culture, priorities and approach, and your successor may or may not follow in your footsteps. Over time, distrust sets in with senior management, who can’t help but notice that breaches keep happening in spite of the investments made in that space. Security becomes a cost and a problem; an area no ambitious executive, internally, would consider as a possible career step.

This distrust and the spiral of failure fuelled by CISOs’ short tenures are at the heart of the problem here, and over the last decade, the situation has become self-perpetuating.

 

What can be done about it?

As we were writing as far back as in 2018, “nothing will change until the profile of the CISO is raised and they start to see their role over the mid to long-term”.

To break this spiral, the Board needs to own cyber security as a genuine board-level agenda item, elevate the topic and the role, build it up as a genuine career elevator to inject raw talent – probably from business circles – and create the conditions for trust to rebuild around business security objectives driven top-down, instead of operational security objectives driven bottom-up.

It may lead to the emergence of CSO type of roles, returning historical CISO roles to their original technical purpose.

More than ever, this is crucial to drive real change across organisations and their supply chain made entirely dependent on digital services by the COVID crisis and its aftermath.

 

See blog

Tags: Cybersecurity, Management, Leadership

Time to Deal with Cyber Security Strategically, and from the Top Down
Thinkers360
June 06, 2022

This is no longer just about tech — if it ever was

See blog

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - May 27, 2022
Thinkers360
May 27, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

Why Cybersecurity Is Now A Board-Level Leadership Imperative

https://www.forbes.com/sites/forbesbusinesscouncil/2022/05/19/why-cybersecurity-is-now-a-board-level-leadership-imperative/

 

Cyberspaced: what to do when a skills gap becomes a chasm

https://www.raconteur.net/technology/when-cyber-skills-gap-chasm/

 

Building trust to transform the way we protect our digital identity

https://technative.io/building-trust-to-transform-the-way-we-protect-our-digital-identity/

 

Digital Transformation Isn't Just a Technology Issue, It's a Business Issue

https://www.reworked.co/leadership/digital-transformation-is-a-business-issue/

 

Digital Transformation Plans Versus Reality: Top Reasons Why Organizations Fail At Digital Transformation

https://www.forbes.com/sites/forbestechcouncil/2022/05/20/digital-transformation-plans-versus-reality-top-reasons-why-organizations-fail-at-digital-transformation/

 

Customer-Centric Innovation? Sure, But With Which Customers?

https://innovationmanagement.se/2020/09/29/customer-centric-innovation-sure-but-with-which-customers/

 

How 5 and Even 6G Will Make The Metaverse A True Reality

https://www.forbes.com/sites/michaelgale/2022/05/24/how-5-and-even-6g-will-make-the-metaverse-a-true-reality/

 

The hard truths about Web3: What no one else is talking about

https://venturebeat.com/2022/05/22/the-hard-truths-about-web3-what-no-one-else-is-talking-about/

 

Everyone likes to talk sustainability, but who takes responsibility?

https://www.information-age.com/who-takes-responsibility-for-business-sustainability-123498219/

 

What If Banks Had to Disclose the Climate Impact of Their Investments?

https://hbr.org/2022/05/what-if-banks-had-to-disclose-the-climate-impact-of-their-investments

 

Feel free to reach out via the T360 platform, LinkedIn or other channels to discuss any aspect

Twitter: @Corix_JC

Email: jcgaillard@corixpartners.com

See blog

Tags: Cybersecurity, Leadership, Management

Revisiting the Corix Partners 2015 “CIO Guide to a Successful Information Security Practice”
Thinkers360
May 19, 2022

The Third Series of the Corix Partners Cyber Security Transformation Podcast

 

The third series of the Corix Partners Cyber Security Transformation Podcast is focused on looking back at our 2015 series of articles entitled “The CIO Guide to a Successful Information Security Practice – 8 Key Management Pitfalls to Avoid”.

The series, originally published on the Corix Partners blog between May and June 2015, was our first attempt to frame our ideas around how to design and operate effective and efficient cyber security practices.

It has been followed by over 100 articles published since, on the blog and on other sites, all sharing the same values and the same vision: That cyber security cannot just be seen as a technology discipline, and that successful practices operate around a sound governance structure and a clear operating model active across all corporate silos, not just a collection of technical projects.

As we publish those 8 podcast episodes over the coming weeks, we will be updating this page with links to each podcast episode, as well as the original piece the podcast is commenting on.

We would like to take this opportunity to thank all our followers, and all of those – clients, partners, friends – who have been with us on this journey over the past 7 years, and have been instrumental in developing this narrative.

See blog

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - May 20, 2022
Thinkers360
May 19, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

How business executives perceive ransomware threat

https://www.kaspersky.com/blog/anti-ransomware-day-report/

 

Building Cyber Resilience Before the Next Attack Occurs

https://sloanreview.mit.edu/article/building-cyber-resilience-before-the-next-attack-occurs/

 

When—and how—to prepare for post-quantum cryptography

https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/when-and-how-to-prepare-for-post-quantum-cryptography

 

Why a lack of ambition is holding back digital transformations

https://www.raconteur.net/digital/why-a-lack-of-ambition-is-holding-digital-transformations-back/

 

True transformation: how to not be in the 70% of digital transformations that fail

https://www.thedrum.com/opinion/2022/05/13/true-transformation-how-not-be-the-70-digital-transformations-fail

 

Ditch Digital Transformation For Digital Acceleration: Three Strategies That Work

https://www.forbes.com/sites/forbestechcouncil/2022/05/11/ditch-digital-transformation-for-digital-acceleration-three-strategies-that-work/

 

5 ways leaders can build trust no matter where their teams work

https://www.fastcompany.com/90728111/5-ways-leaders-can-build-trust-no-matter-where-their-teams-work

 

Purpose Will Make Your Business Resilient

https://chiefexecutive.net/purpose-will-make-your-business-resilient/

 

A whole new world? The metaverse and what it could mean for you

https://www2.deloitte.com/us/en/pages/technology/articles/what-does-the-metaverse-mean.html

 

Burnout Won’t Prevent Itself

https://knowledge.insead.edu/blog/insead-blog/burnout-wont-prevent-itself-18671

 

Feel free to reach out via the T360 platform, LinkedIn or other channels to discuss any aspect

Twitter: @Corix_JC

Email: jcgaillard@corixpartners.com

See blog

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - May 13, 2022
Thinkers360
May 12, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

Security leaders chart new post-CISO career paths

https://www.csoonline.com/article/3659708/security-leaders-chart-new-post-ciso-career-paths.html

 

Cybersecurity Without Automation Is A Losing Game

https://www.forbes.com/sites/forbestechcouncil/2022/05/05/cybersecurity-without-automation-is-a-losing-game/?sh=7f37be747768

 

Is complexity a greater challenge than cybersecurity? Here’s how to counter both

https://elnion.com/is-complexity-a-greater-challenge-than-cybersecurity-heres-how-to-counter-both/

 

Why Is Cybersecurity Today Moving In The Wrong Direction?

https://www.forbes.com/sites/forbestechcouncil/2022/05/10/why-is-cybersecurity-today-moving-in-the-wrong-direction/?sh=27980a335ab1

 

It’s cloud time for boards—in seven charts

https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/its-cloud-time-for-boards-in-seven-charts

 

The pace of digital transformation may be slowing, but there's still a lot of work ahead

https://www.zdnet.com/article/the-pace-of-digital-transformation-may-be-slowing-but-theres-still-a-lot-of-work-ahead/

 

The End of IT as We Know It

https://www.bcg.com/publications/2022/bold-new-approach-technology-transformation

 

Stop Throwing Money At Digital Solutions, Top Tech Leader Urges

https://www.forbes.com/sites/joemckendrick/2022/04/29/stop-throwing-money-at-digital-solutions-top-tech-leader-urges/?sh=1eb871134212

 

The Loneliness of the Hybrid Worker

https://sloanreview.mit.edu/article/the-loneliness-of-the-hybrid-worker/

 

The Corporate Hitchhiker’s Guide to the Metaverse

https://www.bcg.com/publications/2022/a-corporate-guide-to-enter-the-metaverse-explained

 

Feel free to reach out via the T360 platform, LinkedIn or other channels to discuss any aspect

Twitter: @Corix_JC

Email: jcgaillard@corixpartners.com

See blog

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - May 6, 2022
Thinkers360
May 05, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

Cybersecurity metrics corporate boards want to see

https://www.csoonline.com/article/3658118/cybersecurity-metrics-corporate-boards-want-to-see.html

 

Companies lose your data and then nothing happens

https://www.vox.com/the-goods/23031858/data-breach-data-loss-personal-consequences

 

What Really Works When It Comes To Risk Quantification In Cybersecurity

https://www.forbes.com/sites/forbestechcouncil/2022/04/28/what-really-works-when-it-comes-to-risk-quantification-in-cybersecurity/?sh=7d85d9de5dba

 

Security Turbulence in the Cloud: Survey Says…

https://threatpost.com/security-turbulence-in-the-cloud-survey-says/179437/

 

Preserving Privacy While Sharing Data

https://sloanreview.mit.edu/article/preserving-privacy-while-sharing-data/

 

How to Map Out Your Digital Transformation

https://hbr.org/2022/04/how-to-map-out-your-digital-transformation

 

The Fast Track to Digital Marketing Maturity

https://www.bcg.com/publications/2021/the-fast-track-to-digital-marketing-maturity

 

Harnessing Personal Purpose to Enable Employee Experience

https://sloanreview.mit.edu/article/harnessing-personal-purpose-to-enable-employee-experience/

 

The Case Against Haste: Why Slowing Down Is Good for Business

https://www.entrepreneur.com/article/423403

 

How to hack your brain to cope with change

http://www.london.edu/think/ot-how-to-hack-your-brain-to-cope-with-change

 

Feel free to reach out via the T360 platform, LinkedIn or other channels to discuss any aspect

Twitter: @Corix_JC

Email: jcgaillard@corixpartners.com

See blog

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - Apr 29, 2022
Thinkers360
April 28, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

100 Ways To Yes: Security Leaders Need A Solution-Based Mentality

https://www.forbes.com/sites/forbestechcouncil/2022/04/18/100-ways-to-yes-security-leaders-need-a-solution-based-mentality/?sh=263fcb86f192

 

Leading by Listening: The Other Secret Sauce for the CISO

https://corixpartners.com/leading-by-listening-other-secret-sauce-ciso/

 

The Next Cybersecurity Crisis: Poisoned AI

https://www.washingtonpost.com/business/the-next-cybersecurity-crisis-poisoned-ai/2022/04/24/9615126e-c426-11ec-8cff-33b059f4c1b7_story.html

 

Digital transformation beyond Covid: what to keep and what to ditch?

https://www.raconteur.net/digital/digital-transformation-beyond-covid/

 

Digital transformation is complex: it requires trust, resilience, and innovation

https://www.fastcompany.com/90743152/digital-transformation-is-complex-it-requires-trust-resilience-and-innovation

 

Cloud foundations: Ten commandments for faster—and more profitable—cloud migrations

https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/cloud-foundations-ten-commandments-for-faster-and-more-profitable-cloud-migrations

 

Why we multicloud

https://www.infoworld.com/article/3658213/why-we-multicloud.html

 

Hybrid work: Making it fit with your diversity, equity, and inclusion strategy

https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/hybrid-work-making-it-fit-with-your-diversity-equity-and-inclusion-strategy

 

Yes, Investing in ESG Pays Off

https://hbr.org/2022/04/yes-investing-in-esg-pays-off

 

Making the metaverse mainstream is about the user experience. Here's why

https://www.weforum.org/agenda/2022/04/making-metaverse-mainstream-user-experience/

 

 

Feel free to reach out via the T360 platform, LinkedIn or other channels to discuss any aspect

Twitter: @Corix_JC

Email: jcgaillard@corixpartners.com

See blog

Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - Apr 22, 2022
Thinkers360
April 22, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

CEOs See ‘No End in Sight’ To Current Cybersecurity Challenges

https://chiefexecutive.net/ceos-see-no-end-in-sight-to-current-cybersecurity-challenges/

 

Crafting a Cybersecurity Landscape That Works for Women

https://www.cpomagazine.com/cyber-security/crafting-a-cybersecurity-landscape-that-works-for-women/

 

The Business Case For Simplifying Cybersecurity

https://www.forbes.com/sites/forbestechcouncil/2022/04/15/the-business-case-for-simplifying-cybersecurity/?sh=6be1a03251e3

 

Digital Transformation Goes Nowhere Without Leadership Buy-In

https://www.cmswire.com/digital-experience/digital-transformation-goes-nowhere-without-leadership-buy-in/

 

To Lead Digital Transformation, Promote The Heck Out Of It, Then Get Out Of The Way

https://www.forbes.com/sites/joemckendrick/2022/04/14/to-lead-digital-transformation-promote-the-heck-out-of-it-then-get-out-of-the-way/?sh=27474da5502e

 

Democratizing Transformation

https://hbr.org/2022/05/democratizing-transformation

 

Why Your Digital Future Depends On The Diversity Of Today’s Business Model

https://www.forbes.com/sites/sesilpir/2022/04/18/why-your-digital-future-depends-on-todays-diversity-of-business-model/?sh=6582caf1c976

 

Beyond Blockchain: The Promise of Digital Trust Networks

https://www.bcg.com/publications/2021/digital-trust-networks-promises-digital-trust

 

Where is the office now?

https://www.strategy-business.com/article/Where-is-the-office-now

 

The critical question about the metaverse that no one is asking

https://venturebeat.com/2022/04/16/the-critical-question-about-the-metaverse-that-no-one-is-asking/

 


Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - Apr 15, 2022
Thinkers360
April 15, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

How Can Companies Stay Secure After A Digital Acceleration?

https://www.forbes.com/sites/forbestechcouncil/2022/03/23/how-can-companies-stay-secure-after-a-digital-acceleration/?sh=5d6200e41ba0

 

How Native Security Controls Fit Into Today’s Hybrid Multicloud Environments

https://securityintelligence.com/posts/native-security-controls-hybrid-multicloud-environments/

 

Three Keys To Understanding The Cybersecurity Skills Gap (And Dealing With It)

https://www.forbes.com/sites/forbesbusinesscouncil/2022/04/08/three-keys-to-understanding-the-cybersecurity-skills-gap-and-dealing-with-it/?sh=124245d849a0

 

The complex layers of cloud computing sustainability

https://www.infoworld.com/article/3656792/the-complex-layers-of-cloud-computing-sustainability.html

 

Developing a Digital Mindset

https://hbr.org/2022/05/developing-a-digital-mindset

 

Cracking the Culture Code for Successful Digital Transformation

https://sloanreview.mit.edu/article/cracking-the-culture-code-for-successful-digital-transformation/

 

When Gradual Change Beats Radical Transformation

https://sloanreview.mit.edu/article/when-gradual-change-beats-radical-transformation/

 

Why Outside Perspectives Are Critical for Innovation Breakthroughs

https://sloanreview.mit.edu/article/why-outside-perspectives-are-critical-for-innovation-breakthroughs/

 

How Augmented Reality Can — and Can’t — Help Your Brand

https://hbr.org/2022/03/how-augmented-reality-can-and-cant-help-your-brand

 

What’s Under The Hood Of A Smart Metaverse Solution?

https://www.forbes.com/sites/forbestechcouncil/2022/04/11/whats-under-the-hood-of-a-smart-metaverse-solution/?sh=7ea5012f2d15

 


Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - Apr 8, 2022
Thinkers360
April 08, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

Turning the Great Resignation to Cybersecurity’s Advantage

https://www.csoonline.com/article/3655890/turning-the-great-resignation-to-cybersecurity-s-advantage.html

 

Developers, Security and Operations Walk into a Bar…

https://www.cpomagazine.com/cyber-security/developers-security-and-operations-walk-into-a-bar/

 

Cybersecurity managers with a direct line to executive boards set the tone for investment

https://www.zdnet.com/article/cybersecurity-managers-with-a-direct-line-to-executive-boards-set-the-tone-for-investment-study/

 

Blockchains Have a ‘Bridge’ Problem, and Hackers Know It

https://www.wired.com/story/blockchain-network-bridge-hacks/

 

Minimizing The Negative Externalities Of Digital Transformation

https://www.forbes.com/sites/forbestechcouncil/2022/04/05/minimizing-the-negative-externalities-of-digital-transformation/?sh=47cddedca197

 

What makes a digital transformation project ethical?

https://www.information-age.com/what-makes-digital-transformation-project-ethical-123499091/

 

Running legacy systems in the cloud: 3 strategies for success

https://venturebeat.com/2022/04/01/running-legacy-systems-in-the-cloud-3-strategies-for-success/

 

The pandemic pivot: 5 key leadership lessons that will last

https://www.cio.com/article/307666/the-pandemic-pivot-5-key-leadership-lessons-that-will-last.html

 

The Five Digital Building Blocks of a Corporate Sustainability Agenda

https://www.bcg.com/publications/2022/building-blocks-of-corporate-sustainability-agenda

 

Sustainability and the metaverse: 5 considerations for preparing for the next big tech paradigm shift

https://venturebeat.com/2022/04/03/sustainability-and-the-metaverse-5-considerations-for-preparing-for-the-next-big-tech-paradigm-shift/

 


Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - Apr 1, 2022
Thinkers360
March 31, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

The role of the board in preparing for extraordinary risk

https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/the-role-of-the-board-in-preparing-for-extraordinary-risk?cid=soc-web

 

Wartime Cyber Insurance Wobbled By New Fine Print. Do Boards Know?

https://www.forbes.com/sites/noahbarsky/2022/03/22/wartime-cyber-insurance-wobbled-by-new-fine-print/?sh=58f847e0177e

 

Security: The key forgotten ingredient in the transition from smart to green manufacturing

https://technative.io/security-the-key-forgotten-ingredient-in-the-transition-from-smart-to-green-manufacturing/

 

Make Resilience Your Company’s Strategic Advantage

https://hbr.org/2022/03/make-resilience-your-companys-strategic-advantage

 

We need to talk about metaverse security

https://www.information-age.com/we-need-to-talk-about-metaverse-security-123498964/

 

https://medium.com/building-the-metaverse/the-metaverse-value-chain-afcf9e09e3a7

 

Why governance is critical to cloud success

https://www.infoworld.com/article/3654911/why-governance-is-critical-to-cloud-success.html

 

From Remote Working to Intelligent Working: Next Steps for Digital Transformation

https://www.reworked.co/digital-workplace/from-remote-working-to-intelligent-working-next-steps-for-digital-transformation/

 

It’s not about the office, it’s about belonging

https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/the-organization-blog/its-not-about-the-office-its-about-belonging?cid=soc-web

 

The Great Resignation Didn’t Start with the Pandemic

https://hbr.org/2022/03/the-great-resignation-didnt-start-with-the-pandemic

 

 


Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - March 25, 2022
Thinkers360
March 24, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

Cybersecurity is an environmental, social and governance issue. Here's why

https://www.weforum.org/agenda/2022/03/three-reasons-why-cybersecurity-is-a-critical-component-of-esg/

 

Who Owns OT Cybersecurity?

https://www.forbes.com/sites/forbestechcouncil/2022/03/10/who-owns-ot-cybersecurity/?sh=32bf53212e96

 

A Big Bet to Kill the Password for Good

https://www.wired.com/story/fido-alliance-ios-android-password-replacement/

 

The Big, Baffling Crypto Dreams of a $180 Million Ransomware Gang

https://www.wired.com/story/conti-ransomware-crypto-payments/

 

The Keys to Scaling Digital Value

https://www.bcg.com/publications/2022/keys-to-scaling-digital-ability-and-value

 

5 Key Trends Leaders Need to Understand to Get Hybrid Right

https://hbr.org/2022/03/5-key-trends-leaders-need-to-understand-to-get-hybrid-right

 

Don’t ignore virtual reality as you plan the future workplace

https://www.cio.com/article/306302/dont-ignore-virtual-reality-as-you-plan-the-future-workplace.html

 

The best way to lead in uncertain times may be to throw out the playbook

https://www.strategy-business.com/blog/The-best-way-to-lead-in-uncertain-times-may-be-to-throw-out-the-playbook

 

The Latecomer's Guide to Crypto

https://www.nytimes.com/interactive/2022/03/18/technology/cryptocurrency-crypto-guide.html

 

Lessons From 19 Years in the Metaverse

https://newsletters.theatlantic.com/galaxy-brain/6233ecafdc551a002089fb15/lessons-from-19-years-in-the-metaverse

 


Tags: Cybersecurity, Leadership, Management

Towards Clearer Governance for OT Security
Thinkers360
March 21, 2022

In the wake of the 2021 cyber-attacks on energy infrastructure and utilities, and the heightened risk of cyber warfare being used in a more and more uncertain geopolitical landscape, we sit down with leading cybersecurity influencer and founder of Corix Partners JC Gaillard, to put things in perspective around IT and OT Security.

 

What are the main differences between IT and OT security?

Historically, IT and OT belong to different worlds, or at least different parts of the enterprise.

If we look back, Operational Technology has always been typically air-gapped in the manufacturing sector, often running on proprietary hardware and software platforms. It belonged to the realm of plant and operations managers and was managed by them and their suppliers; it used to evolve on the same timeframes as plants and machinery.

Security and safety were always key components with OT but exploiting a vulnerability to cause harm was never that straightforward (although the air gap didn’t stop the Stuxnet attack 10 years ago…).

Patching vulnerabilities was often in the hands of the suppliers, and stopping the plant or altering operations to apply a patch to prevent a low-probability attack was never high on the list of priorities for operations managers. Historically, there was never an OT Security concept as such; it was just part of designing manufacturing systems and running the plant.

 

What types of evolutions have we seen in that space over the last decade?

Information Technology always evolved on different (shorter) cycles, compared to OT. Historically, it belonged to the realm of Head Office and the admin world in the manufacturing sector; but with the advent of the Internet and then the Cloud (and now remote working at scale since the COVID pandemic), the IT environment – and the supply chains it supports – have become more and more interconnected, and with hyper-connection came a significant increase in attack surfaces and associated cyber threats.

IT Security had to become more and more reactive in response, even if proactive defence-in-depth principles have continued to provide solid levels of security if properly applied across the depth and breadth of the enterprise.

That’s where the problems started with OT; because gradually the air gap between OT and IT was bridged, and it was bridged opportunistically – across industries – often to introduce point solutions, without any appreciation of the risks involved (potentially) and certainly without any kind of overarching picture or strategy.

And now, the technological acceleration coming with Industrial IoT sensors and 5G connectivity is in the process of taking this to a new level.

 

What are the factors aggravating the problem for OT security?

Overall, the IT/OT overlap was never structured, designed and secured as any kind of “interconnection”; for many, it just happened.

It did not result in the emergence of an OT Security strategy in the way there might have been an IT Security strategy; or in establishing an OT Security department, in the way there was an IT Security department.

In addition, OT devices and sensors rarely fit in any pre-defined IT box: Many are still proprietary; they’re not designed to run software agents in the way IT devices do, as Norton points out; they are often limited by their own architecture or the technological capacity of the legacy strata to which they belong.

As a result, they are not easy to integrate into a pre-existing IT Security Operations framework; they can be difficult to map out with precision and many end up ignored – but still connected to the wider IT network and potentially exposed to any threats it may carry.

Fundamentally, ownership around OT Security was rarely clarified in spite of its evolutions over the past decades and its growing dependency on IT: It is not rare for OT Security to end up in some form of organisational no-man’s-land, having become too hybrid and too complex for plant managers to handle and at the same time, too alien for IT Security managers to integrate properly into their practices.

The 2021 Colonial Pipeline hack might have acted as an eye-opener for many manufacturing and energy firms, even if, in essence, it was not an attack on its OT systems.

 

What can business and tech leaders do to start taking action around OT security?

Before jumping to tech solutions, clarifying ownership and governance around OT Security has to be the place to start for organisations finding themselves in that type of conundrum.

OT Security needs to be structured as a practice in itself, as part of a broader set of Cyber Security practices, and assigned roles, responsibilities and resources. It also has to be embedded across the business structure of the firm and its operational silos, in order to develop acceptance and trust with plant and operations managers.

Once the field is mapped out and the extent of the problem is assessed, ameliorative roadmaps can be drawn to build up OT Security levels, together with an effective and efficient interface with IT Security Operations; but as always it will involve action at process, people and technology level; and preferably in that order.

 


Tags: Cybersecurity, Management, Leadership

The Corix Partners Friday Reading List - March 18, 2022
Thinkers360
March 17, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

How to build a culture of cybersecurity

https://mitsloan.mit.edu/ideas-made-to-matter/how-to-build-a-culture-cybersecurity

 

It's Time To Look At The Role Of The CISO Differently

https://www.forbes.com/sites/forbesbusinesscouncil/2022/03/10/its-time-to-look-at-the-role-of-the-ciso-differently/?sh=512d9967114c

 

The Cyber Insurance Market Needs More Money

https://hbr.org/2022/03/the-cyber-insurance-market-needs-more-money

 

Time to Deal with Cyber Security Strategically, and from the Top Down

https://corixpartners.com/time-to-deal-with-cyber-security-strategically/

 

It’s Not Fair, But Cyber Crime Is Cheap

https://securityintelligence.com/articles/cyber-crime-cheap/

 

From risk management to strategic resilience

https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/from-risk-management-to-strategic-resilience

 

The Rise of the Digital Incumbent

https://www.bcg.com/publications/2022/rise-of-digital-incumbents-building-digital-capabilities

 

The Questions Leaders Should Ask in the New Era of Digital Transformation

https://sloanreview.mit.edu/article/the-questions-leaders-should-ask-in-the-new-era-of-digital-transformation/

 

It’s not just money. This is what’s still driving the Great Resignation

https://www.fastcompany.com/90727646/its-not-just-money-this-is-whats-still-driving-the-great-resignation

 

Venture Capital Crucial to Push for ‘Ethical’ AI and Tech Standards

https://knowledge.insead.edu/blog/insead-blog/venture-capital-crucial-to-push-for-ethical-ai-and-tech-standards-18411

 


Tags: Cybersecurity, Leadership, Management

The Corix Partners Friday Reading List - March 11, 2022
Thinkers360
March 10, 2022

Top 10 Leadership and Management links of the week, curated by JC Gaillard, focusing on cyber security of course, but also a large cross section of subjects including digital transformation, emerging tech, ESG governance and the future of work

 

7 Pressing Cybersecurity Questions Boards Need to Ask

https://hbr.org/2022/03/7-pressing-cybersecurity-questions-boards-need-to-ask

+ my commentary on this piece on the Thinkers360 blog:

Three Axes of Discussion to Build up a Cyber Security Agenda at Board level

https://www.thinkers360.com/tl/blog/members/three-axes-of-discussion-to-build-up-a-cyber-security-agenda-at-board-level

 

7 mistakes CISOs make when presenting to the board

https://www.csoonline.com/article/3650658/7-mistakes-cisos-make-when-speaking-to-the-board-of-directors.html

 

Security Pro Burnout Signals IT Security Shift

https://securityboulevard.com/2022/01/security-pro-burnout-signals-it-security-shift/

 

Research: When Geopolitical Risk Rises, Innovation Stalls

https://hbr.org/2022/03/research-when-geopolitical-risk-rises-innovation-stalls

 

Silos That Work: How the Pandemic Changed the Way We Collaborate

https://hbswk.hbs.edu/item/silos-that-work-how-the-pandemic-changed-the-way-we-collaborate

 

Digital transformation: 3 IT culture traps that can hold you back

https://enterprisersproject.com/article/2022/3/digital-transformation-3-it-culture-traps

 

The data debt hindering your digital transformation

https://www.pwc.com.au/digitalpulse/data-debt-transformation.html

 

How to Take Back Control of Your Spiralling Cloud Spend

https://technative.io/how-to-take-back-control-of-your-spiralling-cloud-spend/

 

‘Cloud native’ confusion continues

https://www.infoworld.com/article/3652530/cloud-native-confusion-continues.html

 

The environmental impact of the metaverse

https://venturebeat.com/2022/01/26/the-environmental-impact-of-the-metaverse/

 


Tags: Cybersecurity, Leadership, Management

Three Axes of Discussion to Build up a Cyber Security Agenda at Board Level
Thinkers360
March 08, 2022

Revisiting the questions the Board should ask (one more time…)

 

This piece in the HBR caught my attention (“7 Pressing Cybersecurity Questions Boards Need to Ask” – Dr Keri Pearlson, Nelson Novaes Neto – 4th March 2022), not least because I wrote on the same theme and framed it in the same way on at least two occasions in 2016 and 2019.

The scene setting around the “five things directors need to know about cybersecurity” is spot on, and echoes many aspects we have been endorsing and writing about at Corix Partners since 2015.

But when it comes to the “7 questions”, I am left slightly confused about who is meant to be asking them to whom; I assume this is a Board member asking the others and expecting answers probably from C-Suite representatives across the table, but I miss three elements:

First of all, I miss a clearer reference to the cyber threats the business is facing. This is not just about knowing what key assets have to be protected, but also understanding who and what could target them to cause harm to the firm (and how, and to what extent).

In fact, only a sound appreciation of the cyber threats involved can determine the nature and level of cyber protection required. You don’t defend yourself in the same way against rogue insiders motivated by financial gain, or state-backed actors motivated by stealing your IP.

It is the role of the Board to understand the level and nature of cyber threats the business is facing, and position them on a broader picture encompassing all other threats (for example, environmental or geopolitical), and in the context in which the business has to operate, often dominated by volatility, uncertainty and ambiguity.

Second, I miss a reference to cyber security maturity levels. This cannot be a one-size-fits-all exercise. In spite of the non-stop avalanche of cyber attacks of the last decade, not all organisations have reached an advanced level of cyber security maturity, and many have struggled with the deployment of protective measures due to adverse prioritisation by their business.

Understanding where the firm is on the maturity spectrum and looking without complacency at the root causes that have prevented progress in the past, should be key for the Board.

After all, cyber security good practices have been well established for over two decades, and to a large extent still provide a degree of protection against most threats.

Waking up today to a low level of cyber security maturity should not be treated as “normal” by the Board. The underlying causes have to be confronted: They can be financial (under-investment), cultural (adverse prioritisation, business short-termism), or organisational (low reporting line of the CISO, absence of operating model); most likely, they will involve a combination of the three, and possibly other elements.

Understanding those should be key to position the questions the Board needs to ask at the right level, and in particular when it comes to assessing the adequacy of the investment required and targeting action to the right places.

Finally, I miss a broader reference to the governance framework within which cyber security measures have to be deployed and executed. This is taking me back to my 2016 and 2019 pieces, and frankly, the “who’s in charge” question is still very relevant; to be more precise, it should be “who’s in charge of what” …

The Board is justified in pushing that agenda because of the escalating levels of cyber threats, coupled with the escalating complexity of the modern enterprise and its supply chain.

This is not about deciding whose head will roll in case of a breach but understanding how roles and responsibilities for cyber defence are documented and allocated across the Board, the C-Suite and the Firm at large.

This can no longer be left to semi-formal arrangements and vague job descriptions, and it goes way beyond having incident response plans and testing them. And it is not about “wheeling in” the CISO twice a year in front of the Board either.

Accountabilities and responsibilities for cyber security need to be attributed formally across the Firm from the top down at the level of each relevant stakeholder and set in role descriptions, against which objectives can be defined and compensation determined.

Formalising cyber security roles and responsibilities would drive the formation and the backbone of a security operating model, against which investments can be justified, progress tracked, and maturity measured.

So, in conclusion, and revisiting one more time the questions the Board should ask around cyber security, I would suggest three axes of discussion, to build up the right agenda:

  • What cyber threats are targeting us? Which assets are they targeting? What harm can they cause and how?
  • How mature are we at defending ourselves against those threats? If maturity is not at a level deemed satisfactory, what are we doing about it?
  • Who is in charge of what in that context? How are organisational arrangements structured and formalised, in a way which would give the Board assurance that cyber security investments do deliver the expected level of protection, progress is tracked, and maturity maintained or improved?

We are also reaching a point of urgency in many firms where cyber security matters can no longer be explained away or delegated down by the Board.

Where that is the case, one Board member should own and drive such an agenda. If the skills required to understand the situation are perceived as lacking at Board level, then they need to be brought in, permanently, temporarily or on an ad-hoc basis.

This is the only way to move things forward around cyber security where bottom-up approaches have failed, and a strong top-down push is required.


Tags: Cybersecurity, Leadership, Management