View the Magazine PDF Here
[poll id="5"]
Hussein Syed is the CISO of Barnabas Health, New Jersey’s largest integrated health care delivery system, which provides treatment and services to more than two million patients each year. At Barnabas for over thirteen years, Syed experienced the evolution and maturity of the security program. He noticed the need to institute a dedicated leader responsible for managing the overall security, and played a key role in the discussion to develop this position, along with the “Security Oversight Group”. Recently, he took on this role as the first-ever CISO at Barnabas and with a few months under his belt, he possesses a vision for success and desire for continued growth.
THE EVOLUTION OF SECURITY
“The need for security has evolved, especially for the healthcare industry, which is one of the largest targets for hackers. As the value of healthcare information steadily increases, the industry is starting to concentrate on security as more of a business problem,” says Syed. With this heavy focus on security, healthcare organizations are able to focus on important aspects of their work such as progressive medicine and preventive care, instead of worrying about being in the news for a breach.
“Security has been reactive and tactical for most companies, even the well-structured ones, because they have not looked at security from a business strategic objective,” says Syed. He acknowledges that there are many surveys conducted by reputable organizations which identify cyber security maturity as below the median range for most companies. While Syed recognizes there are organizations that do in fact build strategic planning around the business objectives, most find themselves struggling to bring the problem and potential solutions to the Boardroom-level. “It is important to identify risk and present options for mitigating that risk, not just from an IT perspective, but from a business perspective,” he comments. Furthermore, Syed knows that business leaders want to hear how risks were mitigated and see metrics that are easily understood from a business perspective. Syed recognizes that the industry is rapidly approaching a stage where security is at the forefront of business.
A PLAN FOR ADVANCEMENT
Syed understands that the Board is no longer waiting for security events to happen. Instead, they proactively seek opportunities to address security, and if something happens they are in a position to react quickly with minimal damage. For Syed, positive visibility with the Board means they recognize that the security department is being hands-on and security positions itself to better articulate and speak the language that management understands.
Syed has leveraged his connections with other security leaders to educate himself and share best practices. He comments, “It is sometimes easier to learn from other security leaders’ experience than try to reinvent the solution. The most important piece of advice I have heard was to learn your business and speak the language of your business. This is what CISOs need to do to survive.” By attending Roundtable Network events hosted by Steven Katz, networking with as many CISOs as he can, and attending many other industry events, he has acquired key knowledge to gain influence, build credibility, and increase recognition.
FUTURE OF THE CISO
Some organizations already have the CISO reporting directly to the CEO and Board, a trend Syed believes will only increase as organizations realize the significant value in information security and as CISOs start to mature and learn the business acumen of working at a higher, executive level. Syed believes the role of the CISO will continue to expand and will ultimately be a crucial part of every Board Room discussion. “The biggest challenge for many CISOs is that they do not have a business education. This is something they will have to understand to help set the overall strategy of the organization and be a part of the bigger picture.” For Syed, he looks forward to continued industry growth, as well as evolving his position to eventually align and report to executive management.
Subscribe
Stay up to date with cyber security trends and more