7 Security and Compliance Tips From ISC2 Security Congress

During Cybersecurity Awareness Month, thousands of cyber professionals from around the globe convened in Las Vegas for the ISC2 Security Congress 2024 to talk about business challenges and best practices, including strategies for reducing business risk and minimizing uncertainty in their operations.

Ralph Villanueva was one of the cyber professionals who offered advice to audiences. An IT security and compliance analyst at Hilton Grand Vacations, he riffed on the popular business self-help book “7 Habits of Highly Effective People” for his presentation, distilling best practices into seven habits and detailing how they fit into daily work.

The 7 habits of effective IT security and compliance professionals

The habits Villanueva highlighted include:

  1. Understanding your organization’s business mission, vision, and goals. Instead of focusing only on your own role, get everyone on board with one mission.
  2. Continuously learning about the internal and external IT environment and the risks facing your organization.
  3. Knowing the key players in your organization. Some employees may dismiss this as “playing politics,” Villanueva said, but it’s important to know who to go to for budget needs or other requests.
  4. Understanding your strengths and weaknesses, and recognizing when to ask for help.
  5. Learning to communicate the technical requirements of compliance. Help coworkers and stakeholders from other parts of the business understand why those requirements are necessary.
  6. Accepting the reality of your job, which means anticipating pushback and having plans for it. “Some people will unfairly look at the security policies and the data provenance policies we put in place and say it’s an unnecessary burden. Ironically, that includes some of the key officers of the company,” Villanueva said.
  7. Adopting a proactive, positive attitude, and remembering that you can make a difference in your organization. “It [a positive attitude] will not get the work done, but it will help you be a better IT security audit and compliance professional,” Villanueva added.

What roadblocks stand in the way of security and compliance professionals?

These suggestions can help security and compliance professionals overcome common roadblocks, Villanueva said. Obstacles can include the “silo” nature of business, in which other departments see security as “IT’s problem.”

As Villanueva explained, the sales department may aim to reduce what it perceives as friction in certain processes. Meanwhile, IT may consider some of that friction necessary to keep those processes secure. Similarly, employees both inside and outside tech roles may fixate on functionality instead of looking at the big picture.

“Some companies have a piecemeal approach to updating their servers, their endpoints, their databases,” Villanueva said.

SEE: At ISC2 Security Congress, SentinelOne CISO Alex Stamos named sophisticated threat actors as the most pressing concern for cybersecurity professionals today.

Additionally, board members and executives may not prioritize cybersecurity.

Relying too much on technology can also be detrimental to a business. Security and compliance professionals should recognize that over-reliance on technology itself can be harmful; Villanueva cited the CrowdStrike outage in July and lawyers being penalized for using ChatGPT as examples.

How to apply the 7 habits in your business

Villanueva emphasized that instead of focusing on daily challenges, security and compliance professionals should consider the big picture. He reminded attendees of the importance of the old business staple: the “three-legged stool” of people, process, and technology.

Villanueva suggested that one way to address the problem of teams being siloed at work is to hold meetings more often. “For some, meetings are a waste of time, but meetings are really important to getting everyone on board,” he said.

He recommended getting as much board involvement as possible. One day, Villanueva predicted, public companies may be mandated to have an AI expert on the board. The SEC considered mandating that a cybersecurity expert sit on the boards of directors of public companies as of 2022. However, it withdrew the proposal in 2023.

Finally, Villanueva reminded security and compliance professionals to monitor third-party risk. In one gaming establishment, he said, threat actors walked away with a trove of personally identifiable information because they were able to break in through a third-party vendor that managed a fish tank.

Disclaimer: ISC2 paid for my airfare, lodging, and some meals for the ISC2 Security Congress event held Oct. 13 – 16 in Las Vegas.

roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog. 