Cybersecurity: From an afterthought to a strategic asset
New research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read MoreAllan Alford (CEO at Alford & Adams, Podcast Host at The Cyber Ranch) started out as a hacker – and from there, embarked on a tech career that has spanned coding, systems administration, and IT management. A pivot into engineering took him in the direction of product security; and today, he has extensive experience as a CISO in organisations across four industries.
Leveraging this experience, Alford founded Alford & Adams Consulting to offer strategic cybersecurity guidance to companies in a wide range of industries. And he also launched The Cyber Ranch: a podcast that explores the human perspective in cybersecurity.
He’s coming to speak at Black Hat MEA 2024. And we caught up with him ahead of the event for a quick glimpse into his perspective on security and being a CISO.
“I’m very keen on product/application security at the moment – finding ways to integrate lessons learned, input, outputs, tooling, processes into the greater enterprise security program.
“For example: How do you justify having two separate risk registers?
“I’m also working on a lot of random things like authoring AI/LLM policies, deepening the CISO relationship with Product, Log aggregation pre-SIEM and other weird stuff.”
“It’s my second podcast. I co-founded and co-hosted another one for two years prior. So I’ve produced a weekly show for nearly 5 years! I decided to go out on my own when I launched The Cyber Ranch, and decided to craft a show more to my tastes.
“What do I get out of it? I learn. So much. My guests are brilliant and bring so many perspectives and so much knowledge. My job is to ask smart questions, and that often means I must do a lot of research to ensure that my questions are not stupid. As to what else I get out of it – professional connections, friendship and money when I have the time to bother with sponsors.”
“Only in the liability/accountability sense. We’ve seen some precedents of CISOs being targeted as individuals. Otherwise it’s the same old pressures – tackling the threats and risks with less resources than desired, selling the mission to the organisation, juggling business and technical skills, trying to stay current on technology.”
“The first is not recognising the need for security in the first place, and not having anything meaningful about it at all. ‘I’m too small to be a target!’ or ‘Didn’t we already buy antivirus?’
“The second is treating it like a technology challenge instead of a business challenge.
“The third is thinking of security as an afterthought to be bolted on rather than integrated early.
“Noting that most of these mistakes are cured by having a GOOD security professional engaged, but that companies are frequently lacking any security professional, or have a bad one engaged.”
“It’s an opportunity to network. To learn. To make new friends. To teach and share. To sniff out the newest and future trends in our craft and in our industry. To learn about different perspectives and cultures. I have more meaningful conversations at such events than nearly anywhere else.”
Thanks to Allan Alford at The Cyber Ranch. Join us at Black Hat MEA 2024 to learn directly from the world’s top cybersecurity leaders.
Join the newsletter to receive the latest updates in your inbox.
New research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read MoreFind out why CISOs and investors are investing in AI-powered integrated cybersecurity platforms.
Read MoreCybersecurity education in schools could empower a new generation of skilled, engaged cybersecurity professionals, and solve the cyber workforce shortage.
Read More