From Texas Farm to CISO: A Journey in Cybersecurity
Growing up on a Texas farm, one might not expect to end up investigating cybercriminals at the FBI and then protecting financial data at a global software company. However, the cybersecurity industry thrives on unpredictability, attracting individuals like myself to its ever-evolving challenges.
Having a diverse career brings many benefits, such as being able to approach challenges from different perspectives, draw from a wide range of experiences, and quickly adapt to new threats. From roles in the Department of the Navy and the U.S. Bankruptcy Court to the FBI, I have applied learnings to security roles in various industries, including telecoms, consumer goods, private equity, and now as the CISO at BlackLine.
Finance teams: the unexpected front line
While cybersecurity is often associated with IT departments and firewalls, attackers are increasingly targeting finance and accountancy professionals who handle sensitive data and authorize payments. Business email compromise, fake invoice scams, and internal fraud schemes frequently originate within finance teams due to process gaps or lack of cyber awareness.
It is crucial for finance leaders to recognize cyber risk as a core business risk and implement proactive controls, training, and collaboration with security teams to mitigate threats.
Securing operations: from mindset shift to practical steps
Cybersecurity is not just a technical issue but a business issue that requires all teams to play a role in keeping the organization safe. Tailored security awareness training, dual approvals for payments, and regular audits of user permissions are essential steps in building a secure financial operation.
Building layered controls and recognizing third-party exposure are also crucial in reducing cyber risk in financial processes.
Why communication is a CISO’s strongest tool
Effective communication of cybersecurity risk in business terms is key to engaging stakeholders outside the IT realm. Framing security in the language of risk and being transparent about successes and challenges helps build alignment between IT and business functions.
Establishing clear expectations and fostering a culture of continuous improvement through communication are vital in driving action and building trust.
The rise of AI – and the risks that come with it
The integration of AI tools in security operations offers automation benefits but also introduces new risks such as data leakage and inaccuracies. Deploying AI solutions with clear policies, regular reviews, and strong governance is essential in preventing new threat types from emerging.
Investing in AI capabilities that complement human oversight and training all employees on the opportunities and limitations of AI tools are crucial in enhancing security measures.
Cyber resilience in a borderless world
Cyber threats transcend geographic boundaries, emphasizing the need for a global high bar for security controls. Upholding the principles of confidentiality, integrity, and availability is paramount for finance professionals in safeguarding data in an increasingly complex AI-driven age.
Advice for the next generation
For those considering a career in cybersecurity, remember that your perspective matters. Whether tracking hackers or shaping board-level security strategies, the human element remains crucial in cybersecurity endeavors.
Jill Knesek is the Chief Information Security Officer at BlackLine.