View the Magazine PDF Here
SECURITY AS A COMPETITIVE ADVANTAGE
“Today, security is truly a business enabler and proves to be a competitive advantage,” says Darrell Keeling, the CISO of retailer Land’s End. Keeling believes that CISOs who accept certain risks to do business, show due diligence, and establish thorough processes, are influential leaders who drive security in a way equal to revenue, creating a robust competitive advantage.
When founders build successful organizations, they bear many risks, something that is no different to security. When security teams take a step back and analyze the holistic risks, they are able to focus their energy on conveying business value. Keeling says, “It is important to leverage analytics and data to evaluate risk, something that has traditionally not been done. We can then use the results to help make employees more efficient, and to improve our practices to make the consumer experience better from a security perspective.”
THE RISE OF SOFT SKILLS
A business-focused security program starts with the CISO, but only sees true success when the entire security team is also enabled. Keeling believes that security talent must possess fundamental soft skills, as much as technical skills, however he recognizes that these soft skills are gradually evolving amongst security professionals. To develop these soft skills, Keeling dedicates himself to opening up new doors and opportunities for his team. “The most important thing for me is to get IT security out within the rest of the business. I give them opportunities to be more engaging to the business and get them out in front of more departments and people. I also challenge them to know the business and be more engaged by breaking down these traditional silos.”
MOVING BUSINESS STRATEGY FORWARD
SECURITY AWARENESS
Keeling recently introduced himself at a company meeting and asked the security team to stand up, which his team of six did. While they were still standing, he again asked the audience for the security team to stand up. When no one else rose, he asked everyone in the audience to stand. “It takes a team to combat risk and there is an importance on everyone being a part of the security team. Hackers are out there working in teams and in groups by sharing information and working together. We have to do that also,” says Keeling. His goal is to ensure that everyone knows that his door is always open and there is no risk too small to discuss with him. “I want to make a big change in the organization and lower risk by making sure everyone is confident to come forward. I am driving a culture of collaborative conversation.”
ANALYTICS
“There is a huge value in security analytics with regards to efficiencies and the ability to change the overall user experience in what we do today from a security perspective.” Most organizations have not tapped into the great amount of potential within analytics. Keeling believes that some organizations are taking a “block and tackle” approach and not leveraging the data to help reduce risk and streamline many diverse areas that continue to have high costs.
INCIDENT RESPONSE
According to Keeling, incident response must be baked into the culture, regardless of industry or revenue. He affirms the necessity to review all incidences, evaluate the level of risk, and continuously learn from them. “Our role here [in the retail industry] is to ensure that the risks we are accepting are communicated, acknowledged, and that we have the critical processes in place to support our policies, because that is what our consumers believe we are doing. It is most important to maintain consumer trust.”
Subscribe
Stay up to date with cyber security trends and more