The New CISO Podcast Episode 81: Protecting Your Revenue with Machine Learning and Data Science with Steve Magowan
Podcast Transcript | Air Date December 15, 2022
Listen to Steve and Steve discuss educating executives and how utilizing data science in your security program can reduce friction and translate risk:
Welcome Back, Steve (1:45)
Host Steve Moore reintroduces our guest today, Steve Magowan. As a reminder, Steve manages everything security-related for Blackberry, from corporate security development to spearheading IoT initiatives.
When asked to define AI, Steve Magowan explains that what AI means to the security world today is machine learning, both unsupervised and supervised, to prevent risk. In general, AI is still being widely researched and is often a buzzword thrown around, but full-on AI remains theoretical.
Turning AI Into Action (6:22)
Steve asks Steve Magowan how he handles the AI suggestion from executives, who may need more clarification on how this tech is used.
Steve Magowan recognizes that he is a business enabler whose job is not only to protect data but to protect revenue. He would need to keep his company’s resources in mind when discussing AI and determine if this type of tech is needed for the goals ahead.
Protector of Revenue (11:30)
Steve Magowan has the unique position of protecting revenue for his company, an uncommon skill set for CISOs. Steve uses ML technology to map business activities and relate that to security. Having that ability allows him to communicate with executives in business terms to ensure their funds remain safe.
Clear Lines (15:34)
Although Steve has this authority, he believes CISOs should refrain from reporting to a CFO or CIO because their mandates conflict. Although executives wish to simplify their correspondence by going to a CIO for a one-stop shop, conflating their roles with a CISO would downplay both positions and render them less effective.
Understanding Risk Management (19:10)
Steve Magowan always tells leaders that risk management is the language in which security leaders gain money because you can turn security problems into dollars and cents. Pulling data allows you to understand and pitch how to receive resources based on the security issues faced.
Ultimately, Steve’s job is not to separate operations and business. His role is not to achieve technical outcomes but business outcomes using technical outcomes.
Walking Through Detection Triggers (27:22)
Steve asks Steve Magowan why the detection of bad things has shifted from signatures to “normal vs. abnormal.”
Steve Magowan explains how the landscape has changed and that the bad guys now have more money to commit cyber crimes and have the same education as security professionals. With cyber criminals getting more clever, ML is the only way to detect patterns that don’t make sense, though even that is getting challenging.
Staying Resilient (32:42)
When facing sophisticated threats, you must ensure that you have data backups that cannot be breached and limit the scope of the hacker’s blast radius for any hit. There will always be threats, but you must do your best to remain resilient.
The Bias Problem (34:58)
Steve Magowan outlines the risks of building your own ML program, such as personal biases that can skew the results of your data. The biggest lesson is that data can lie and lead you in the wrong direction if you let it.
The Flow Of Output To Input (39:22)
From a data science perspective, the data doesn’t always cooperate. Although the goal is always to make the data readable to executives and reduce friction, these systems have been designed by different people from different systems during different times. Every security leader must parse through the information and bake it together into something usable for the business.
Helpful Tips (43:48)
Steve Magowan recommends mapping your tools, determining the problems they solve, and then relating that to your greater security framework. You can then review what works and what tools can be removed or added. The main goal is finding your problems and then mapping your solutions accordingly.
What It Means To Be An Executive (39:47)
Steve presses Steve Magowan on what it means to be an executive who leverages data science and ML. To Steve, it means that you must use your technical skills to protect revenue if you want to have a seat at the table.
Links mentioned: