The New CISO: Harnessing the Power of Automation in Cybersecurity

On episode 92 of The New CISO podcast, host Steve Moore is joined by Peter Fröchtenicht, National Manager for Security and Compliance and CISO at NEC Australia. Peter’s insights on the complexities of AI, the benefits of time-saving tools, and the most common security threats provide a thought-provoking exploration of the current state of cybersecurity.

The rise to CISO and the emergence of the role

Peter’s journey in the tech industry began 27 years ago as a systems engineer in South Africa. Over the years, he ascended through various organizations, always demonstrating loyalty to his employers. “If my company employs me, I do have an obligation to return value,” he says. This sense of loyalty is reflected in his long tenures at different companies, a rarity in an industry where job hopping is common.

The CISO role is relatively new in Australia, having only gained prominence in the last five years. “If you would search SEEK (an Australian job search site) or LinkedIn at that time, you’d probably find maybe one a month, or not even a month in ads for CISO,” Peter explains. However, as the importance of cybersecurity has grown, so too has the need for CISOs.

The cyberespionage threat

One of the most significant threats facing Australia today is cyberespionage, with China being a particular concern. Peter notes that Australia’s geographical location and its close ties with western countries make it a prime target. “We see increasing attacks daily,” he says. “It doesn’t matter who we are, there’s consistent threats out there and consistent attacks.”

The power of automation

While Peter admits he doesn’t have a crystal ball, he believes that AI and automation will continue to play a crucial role in cybersecurity. He highlights the importance of automating tasks to save time and reduce errors. “AI automation is key for us. From a management perspective…if you could automate anything, it would be very, very helpful to help that engineer or that analyst to move on to something else,” he says.

But he also warns of the potential dangers of AI, particularly when it comes to data sovereignty issues: “If you develop an application for a company with critical services…and you use ChatGPT, I mean, that codes it somewhere. You upload it, it sits somewhere, it is in memory somewhere and for someone else to use. So you’re putting your organization and that organization at risk at that time.”

Understanding normal and abnormal behavior

One of the key points that Peter and Steve discuss is the power of distinguishing normal from abnormal behavior within a system. Steve uses the examples of an outage call or an incident response scenario, where questions like “Is this normal? Does Peter typically sign into this server? Where does Peter typically upload files to this location?” often arise.

Peter explains that, sometimes, abnormal behavior can be a result of convenience rather than a malicious act. For example, an employee might upload something from a mainframe to their local desktop for convenience, and then connect to a network at an airport, unintentionally exposing a customer database. This doesn’t mean that the mainframe is compromised, but the workstation and the customers are. So, while it’s crucial to identify and understand abnormal behavior, it’s equally important to recognize that not all abnormal behavior is a threat.

The challenges and opportunities of a CISO

Peter’s unique position as a CISO, managing both internal network security and service delivery, offers fascinating insights into the challenges and opportunities of the role. He highlights the difficulty of giving up his technical capabilities to become a manager and a CISO. And he emphasizes the importance of trusting his employees and investing in their training and development.

When asked about the transition from service delivery to the CISO role, Peter shares that adding a governance mindset was crucial. A CISO needs to think about people, processes, technology, and business. He also stresses the importance of updating policies regularly, as they often get lagged.

Owning your education

One of the most inspiring pieces of advice Peter shares is about owning your education. He encourages listeners to qualify themselves as much as they can and not wait for a company to send them on training. He also emphasizes the importance of challenging oneself and taking on new tasks, even if they seem daunting at first. 

The speed of cybersecurity

When asked what being a new CISO means to him, Peter highlights the increasing speed of everything in the cybersecurity landscape. He notes that CISOs need to plan better and more efficiently, adapt their strategies quickly, and ask for budgets much faster than before. 

Conclusion

In conclusion, the role of a CISO is complex and ever-changing. But with the right tools and a keen understanding of the threat landscape, it’s possible to stay ahead of cyberthreats. As Peter Fröchtenicht’s insights show, the power of automation cannot be underestimated in this fight.

For a deeper dive into Peter’s insights and experiences, listen to the full episode or read the transcript.