Michael Redmond, Deputy CISO, City of Louisville, speaks with Christian Dreisbach, Business Development at Centric Consulting, in a video interview about understanding the next move of bad actors, the importance of the right degree, the role of CISO today, and keeping up with work-life balance.
When asked how to speculate on the next move of bad actors, Redmond mentions LinkedIn as one of the key resources. On top of that, she mentions following publications and websites, and getting into the email list of government sites that share information on keynote threats.
Further, Redmond mentions FBI announcements on emerging threats, which usually come out when someone is hit by one. Therefore, she recommends taking penetration classes, which she affirms she has taken.
Commenting on the importance of having the right degree, Redmond recalls conducting a LinkedIn survey on the necessity of degrees versus experience while hiring a CISO. The result was a 50-50 split, which led her to do two MBAs in risk management and information security.
Reflecting on the decision, Redmond states that she chose the more innovative program. She notes that the course taught how to deal with project management while dealing with business continuity, cybersecurity, information security, risk management, governance, and compliance.
Highlighting the importance of multi-specialized degrees, Redmond shares how it has taken things to a different level for her. With prior experience in the risk management sector, she affirms learning new techniques, and ways to explain things in a way that everyone understands.
The world has changed since her first MBA and the CISO role has evolved, says Redmond. She asserts that a CISO retains the same knowledge level as a CEO and believes that the CISO should be able to replace the CEO in an emergency.
To support the statement, Redmond states that while working for the City of Louisville as CISO, she also took classes in operations and information security for medical devices. She maintains that knowledge makes a massive difference.
Delving further into the changing CISO role, Redmond notes that earlier, the CISO was just a manager with no technical background. Then, it changed to a technical background with no management skills, and now a CISO must think like an executive and be a manager.
The CISO role will be all-encompassing with stronger teams underneath, says Redmond. It will be a pyramid where the CISO will not handle threats so much but they will know and manage the teams that do.
Adding on, Redmond says that if the head of cybersecurity does the same work as teams, there will not be a need for the head. Moving forward, she affirms interviewing top international CISOs and is blessed to have large international companies with their opinions.
Commenting on work-life balance, Redmond mentions reading how many CISOs quit after two years due to overwhelming pressure. She further states that personality matters and one has to move on to a new field.
In conclusion, Redmond says that companies have had major incidents even after due diligence, risk assessments, impact analysis, and penetration testing, and it happens.
CDO Magazine appreciates Michael Redmond for sharing her invaluable insights with our global community.