CybeReady’s Hi-5 brings together InfoSec leaders for peer-to-peer sharing via five short questions and insights.

Mário João Fernandes, born and raised in Mozambique, has been working in the banking sector for 29 years and has been fulfilling dedicated security roles in the cybersecurity space for over 11 years. He joined Banco BPI 25 years ago and currently operates as its CISO. He was Head of IT at Banco de Fomento Angola (BFA) and served as a navy officer.

What is the biggest challenge security leaders face today and how are you looking to tackle it?

The pace of threats and attacks is quickly growing, and defenders need to react at the same speed. Traditional approaches and working alone are no longer an option. The key factors are real-time and continuous controls as well as a very strong state and international response.

In your view, how important are security awareness programs, and what’s a CISO’s main role in making them effective?

We can see security awareness as a way to install a “human firewall” on all of the individuals of an organization. The blocking capacity of those firewalls relates to the effectiveness of the security awareness programs. Since we know who the weakest link is, there is no doubt that security awareness is a top program for CISOs, which must be designed according to the diversity of their roles and be continuously maintained.

What’s the one thing you’ll never tell an employee who’s made a security error, and how would you suggest handling the situation instead?

Making errors is in the heart of every human being. The best approach is to explain why and try to transform the person into a security “evangelist”. People who commit errors are the best to spread the right practices!

When it comes to recruitment – what approach do you take to attract and keep the best talent, and what would be your best tip for a new hire?

The best way to attract talented security professionals is to offer new challenges. No one feels attracted if the job is already done! The best recruiting tip is to make clear what the expectations for the job and the working context are.

Finally (just for fun): if you could have dinner with any renowned figure (dead or alive), who would you choose and why?

Carl von Clausewitz! Imagine if this brilliant mind could write today a version of “Vom Kriege” (On War) adapted to the current cyberspace situation.

Banco Português de Investimento (BPI, Portuguese Investment Bank) is a privately owned bank in Portugal, owned by the Spanish bank CaixaBank.

Author:
CybeReady
May 31 2021