CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights.
Andrea Szeiler has been working in the cybersecurity space for over a decade. She held Audit and Security leadership roles in leading European companies. In 2014 she co-founded WITSEC, a professional group of women working in IT and Information Security fields. One and a half years ago she was appointed as Global Chief Information Security Officer at Transcom.
What is the biggest challenge security leaders face today and how are you looking to tackle it?
The world has changed due to COVID, especially because most of the workforce is working from home. Based on this fact, the barriers of control have shifted from the office to the employees’ home. The threat landscape also changed – attackers now recognize quickly that employees are more vulnerable than ever to social engineering attacks and we must respond to these changes fast. We are moving in the direction of ‘zero trust’, which is more of a philosophy than a group of toolsets.
In your view, how important are security awareness programs, and what’s a CISO’s main role in making them effective?
Security awareness programs are key to survival. Employees that work from home need to be prepared and aware of the new and more targeted attacks against them. When an employee received a social engineering mail at the office, he had people around to consult with about the strange mail. Now they need to decide on their own not to click on dangerous content. The next step after delivering the security awareness training is to keep it live and fresh, and when something happens, they should not be afraid to report the security incident. The main role of a CISO is to build a healthy environment in the organization, enable employees to make mistakes and let them learn from it.
What’s the one thing you’ll never tell an employee who’s made a security error, and how would you suggest handling the situation instead?
I never call it a mistake. First, I always thank them for reporting the incident. Together we are trying to find the reason and how the situation could have been handled better, and I never blame them! Anyone can make mistakes, and so can I. The key is how you handle the situation and if you are learning from it. Real mistakes help you improve in life and this is also true for security errors. The only exception is when there was an intentional action against the organizational requirements and rules – which would make that incident a totally different story.
When it comes to recruitment – what approach do you take to attract and keep the best talent, and what would be your best tip for a new hire?
I believe that a CISO must be a leader rather than a manager. The only thing I’m checking on when it comes to recruitments is whether the applicant has the passion for this job. I always tell applicants that I need employees who take responsibility based on their authority. I will not micromanage them, however, I will be there to guide them since we are working as a team. Each team member has his / her tasks and always should know what is the reason they are doing those tasks. This is also true for security awareness training – your employees will follow the rules if they know why they are applied. A CISO needs to motivate employees by letting them grow, and to be their mentor!
Finally (just for fun): if you could have dinner with any renowned figure (dead or alive), who would you choose and why?
Shon Harris, who was a prolific author of books and articles on topics related to information security. I learned a lot about security by reading her books and watching her videos. She passed away in 2014, and I can definitely say that she is my role model in IT security.
Transcom is a global customer experience specialist providing customer care, sales, technical support, and collections services through an extensive network of contact centers and work-at-home agents. With 28,000 customer experience specialists, at 50 contact centers, and a large network of home agents, across 23 countries, Transcom delivers services in 33 languages to international brands in various industries.