Hosted by Exabeam Chief Security Strategist Steve Moore, a former IT security leader himself, The New CISO podcast invites chief information security officers to give us their take on cybersecurity trends, what it takes to lead security teams and what it takes to be a CISO today.
In this episode, Steve sat down with Lakshmi Hanspal, Global CISO at Box, who’s been an active member of the security community for more than 23 years. By no means a one-trick pony, Lakshmi’s career path has taken many turns, which ultimately led her to her role as a CISO.
For a CISO, experience in a broad range of business functions that incorporate security often paves the way for future career growth. Through constant change, cybersecurity also creates opportunities for some to reshape the way their organization sees them, from a security office into a “trust office.”
The six pillars needed to build trust
For her team to be successful, Lakshmi divides her “trust office” responsibilities into six distinct categories, or pillars. These include:
This covers a broad range of areas: operations, corporate products, customer production automation, and automation. Red team, blue team security defense, and compliance also fall under security.
Lakshmi sees quality as the dog wagging every other tail in the trust pillars, so her team can achieve the level of quality they need with certifications, policies, standards, and training.
“Privacy for Box is within legal, so we are the doer arm for privacy, making sure that privacy by design, privacy principles are incorporated within our product, and we can perform privacy impact analysis,” says Lakshmi.
For them, that also includes thought leadership operations around data scans, data hygiene, data loss protection, data retention, deletion and so on.
Risk & Assurance
The validation function includes Box’s internal audit function, which Lakshmi highlights as more than just security auditing. She explains how they do it at Box:
“We go after other areas in the company as well, so that’s a little bit of expansion of scope within the team, but it includes important aspects like enterprise risk management, crisis, emergency, business continuity, disaster recovery, and third party assessments.”
Governance & Project Management
Strategic portfolio operation excellence metrics are a big part of Lakshmi’s team’s responsibilities, helping define the path to a process-driven organization.
Early discussions with customers, transparency around the capabilities and risks of operating on the platform, and learning from customers mean the Box team doesn’t end up operating in a bubble.
“We believe this is the differentiator between customers choosing Box, continuing to retain Box as their strategic platform for that content and building upon the capabilities of how they are using platforms.”
Building trust through empathy
“Every single pillar that I’ve had, I’ve operated intrinsically and in detail, so when I talk to my team, when I talk across the pillars, or even when I talk to engineering, I’m able to put myself in their shoes,” says Lakshmi.
She notes the importance of the six pillars both in running an effective team and in understanding people’s needs, and in building trust through empathy.
“We call ourselves the trust office, so we truly believe that we build trust within our product service offerings. We maintain that trust through independent certification assurance and so on, and trust is what we’re selling to our customers,” she explains.