Welcome to the new 116 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.
This week we’re focused on…📢
The immense value of experiencing different areas of an organisation if you work in cybersecurity.
Because we interviewed Stephen Bennett (Global CISO at Domino’s), and he said:
“In our business, ‘handling the rush’ is more than just a motto — it's a way of life. This concept is crystal clear from day one, as everyone, regardless of their role, starts by experiencing the frontline hustle in our stores.”
We think this is such an important idea. For a cybersecurity professional, even a new CISO, to start working with a new organisation and be thrown in at the deep end – not the deep end of security operations, but the deep end of day-to-day business.
In Bennett’s case, to experience the challenges of providing pizzas to customers in-store and handling a high volume of transactions. To know what it really feels like to have a customer on the phone, a queue of customers in the store, more calls waiting, and a credit card payment that just won’t go through.
To have the experience of feeling you’ve got no option but to write down a customer’s credit card number on a scrap of paper so you don’t have to ask them for it again next time your card machine fails during that call.
You get what we’re saying. 🙄
There’s a lot of judgement in cybersecurity. A tendency to blame non-security colleagues for making mistakes, having poor judgement, and not understanding the protocols they need to follow in order to protect their business.
But when you experience what it’s like to do their job, it opens up a new world of empathy: you understand what they’re really facing every day, and it becomes very clear why they make those mistakes, or why they have to suspend best judgement sometimes to just get through the next hour.
This is especially true in a high transaction volume business like Domino’s, with a high turnover of staff who have to learn fast and work fast.
So consider it: Go and do their job for a day. Learn from them, instead of always being the teacher.
Not only does this cultivate empathy, it could also make you better at your job. Because what could be better research than getting out there in the field and learning firsthand what’s difficult about protecting the perimeter of your company?
You might discover:
📌 Why team members mismanage customer data
📌 When mistakes happen – for example, at particular pressure points in the day
📌 How team members feel about the security processes that exist
📌 What employees in different areas of the organisation really know about cybersecurity, and where the most significant knowledge gaps lie
Bennett added,
“Seeing our product enjoyed in the wild brings an immense sense of pride, a testament to our brand's reach and recognition.”
And this also struck us as important: because how often do CISOs express that they really care about the product they’re protecting in a high-volume B2C business?
More than that – how many CISOs have engaged in actually selling that product and experiencing customer reactions for themselves?
Have you ever spent a day working on the customer-facing frontline of your organisation?
1. No
2. Yes (but I didn’t gain much from it)
3. Yes – and it was eye-opening
🔗 Read the interview with Stephen Bennett: 7 Pizzas per second
Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 21 February 2024.
Catch you next week,
Steve Durning
Exhibition Director
Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.