Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights.
Lesley Marjoribanks has been working in the cybersecurity ecosystem for the last 12 years. She held Customer Security and Security Awareness management positions at the Royal Bank of Scotland (RBS) for 11 years. Five months ago she was appointed Security Education, Skills & Awareness Lead at M&G.
What is the biggest challenge security leaders face today and how are you looking to tackle it?
The ever-changing and expanding threat landscape. Every day we see different threat vectors that harm our companies, and it’s affecting the decision on which ones to educate our colleagues about, and which message is the best “bang for our buck”. We need to address those security needs without overloading our colleagues with information that doesn’t pose a real threat, so we don’t “turn them off” and have them think: “God, it’s them again, what do they want NOW!”
In your view, how important are security awareness programs, and what’s a CISO’s main role in making them effective?
Of critical importance. The eternal problem is reporting on the effectiveness of the awareness you perform. Getting your CISO and the Board up to speed so that they realize this importance is key. Although there may not be lots of reporting MI we can use, security awareness is not a fluffy add-on. It’s a must-have.
What’s the one thing you’ll never tell an employee who’s made a security error, and how would you suggest handling the situation instead?
Never chastising them, ever. Instead, explaining that they are crucial and our last line of defense, goalkeepers if you like. These situations are training opportunities and not opportunities for disciplinaries etc. The direction we would give would be to reach out to us for advice if they’re ever unsure about anything to do with security.
When it comes to recruitment – what approach do you take to attract and keep the best talent, and what would be your best tip for a new hire?
For awareness roles? Well, this is easy for me, it’s communication, innovation, and engagement. I’m not so bothered about background or security experience, I currently have a cameraman and a librarian working for me and it’s that diversity and creativity I love. They can learn the rest while in the job but most important is that we grab colleagues’ attention and THEN we educate them.
Finally (just for fun): if you could have dinner with any renowned figure (dead or alive), who would you choose and why?
Michelle Obama, hands down. Charisma, respect, grace, all stand for what she believes in.
M&G is a leading international savings and investments business, managing investments for both individuals and for large institutional investors, such as pension funds. With roots stretching back more than 170 years, M&G plc brings together a diverse set of asset management capabilities and insurance expertise to offer a wide range of solutions for different types of customers in 28 markets around the world.