On today’s episode, Luk Schoonaert, CISO for Exclusive Networks, joins us to discuss his experiences becoming a new CISO as well as the digital transformations and threat hunting.
Currently based out of Belgium, Luk has been in security for over 20 years. Working in startups for years, he developed his passion for security. Newly, he has become the CISO for Exclusive Networks. He is a technology focused, goal oriented individual.
Working with the Buyer
If you are working with vendors or as a defender in a network, it is essential to equip the buyer and teach them how to sell internally. Leaving them with a clear picture, number or story that enables them to get their job done is an important skill to have. Luk advises to listen and ask questions in your meetings. Talk about the big picture and be transparent.
What should a CISO report to the board? How should they represent their program? Be there for the business so the business can function. Think about how you can best help the business to grow in what they are doing.
With the cloud becoming more in use, sometimes the security team gets left behind when the data transfer occurs. Adapting to such changes requires extra help and can also lead to mistakes or attacks. If you lose your logs, it can cause many problems to arise. However, it can be a great opportunity – if you get ahead of it.
As a CISO, pick one thing and do it well. If you focus on one thing and succeed, you’ll be able to build some credibility and gain leadership merit.
Luk has helped to build a Threat Hunting Academy. People can oftentimes stay too connected to old technology. He is giving workshops where, using a lab environment, they show how a breach occurs. This visualization of an attack is something many people never see or truly understand. Their program has received positive feedback and they now have an even more hands-on class.
By showing how an intrusion happens, it can help people realize where they may be lacking. This is an ongoing effort but it helps things to not go undetected. Ask the “what ifs.” You will get a good idea at how well you could do should an attack occur.
Through this, you can measure efficacy and tell the story of your business.
Being a New CISO
To Luk, being a new CISO is a very exciting expeirence. Being able to implement security practices in a company and drive the direction of certain practices is exciting. Ensuring secure functions of a company is something he takes very seriously.