The New CISO Podcast: Lakshmi Hanspal’s Six Pillars of Responsibility

Published
January 09, 2020

Author
Gerhard Jacobs

Hosted by Exabeam Chief Security Strategist Steve Moore, a former IT security leader himself, The New CISO podcast invites chief information security officers to give us their take on cybersecurity trends, what it takes to lead security teams and what it takes to be a CISO today.

In this episode, Steve sat down with Lakshmi Hanspal, Global CISO at Box, who’s been an active member of the security community for more than 23 years. By no means a one-trick pony, Lakshmi has followed a career path with many turns, which ultimately led her to her role as a CISO.

For a CISO, experience in a broad range of business functions that incorporate security often paves the way for future career growth. And through constant change, cybersecurity creates opportunities for some to reshape the way their organization sees them, from a security office into a “trust office.”

The six pillars needed to build trust

For her team to be successful, Lakshmi divides her “trust office” responsibilities into six distinct categories, or pillars. These include:

Security

This covers a broad range of areas: operations, corporate products, customer production automation, and automation. Red team, blue team security defense, and compliance also fall under security.

Quality Management

Lakshmi sees quality as the dog wagging every other tail in the trust pillars, so that her team can achieve the level of quality they need through certifications, policies, standards, and training.

Data Protection

“Privacy for Box is within legal, so we are the doer arm for privacy, making sure that privacy by design, privacy principles are incorporated within our product, and we can perform privacy impact analysis,” says Lakshmi.

For them, that also includes thought leadership operations around data scans, data hygiene, data loss protection, data retention, deletion and so on.

Risk & Assurance

The validation function includes Box’s internal audit function, which Lakshmi highlights as more than just security auditing. She explains how they do it at Box:

“We go after other areas in the company as well, so that’s a little bit of expansion of scope within the team, but it includes important aspects like enterprise risk management, crisis, emergency, business continuity, disaster recovery, and third party assessments.”

Governance & Project Management

Strategic portfolio operation excellence metrics are a big part of Lakshmi’s team’s responsibilities, helping define the path to a process-driven organization.

Customer Advocacy

Early discussions with customers, transparency around the capabilities and risks of operating on the platform, and learning from customers mean the Box team doesn’t end up operating in a bubble.

“We believe this is the differentiator between customers choosing Box, continuing to retain Box as their strategic platform for that content and building upon the capabilities of how they are using platforms.”

Building trust through empathy

“Every single pillar that I’ve had, I’ve operated intrinsically and in detail, so when I talk to my team, when I talk across the pillars, or even when I talk to engineering, I’m able to put myself in their shoes,” says Lakshmi.

She notes the importance of the six pillars both in running an effective team and in understanding people’s needs and, through empathy, building trust.

“We call ourselves the trust office, so we truly believe that we build trust within our product service offerings. We maintain that trust through independent certification assurance and so on, and trust is what we’re selling to our customers,” she explains.

Like what you read and keen to listen to the full episode? Check out Lakshmi’s full episode here.
