Content

Reboot 2016 Top Management: Shamla Naidoo, VP of IT Risk and Global CISO, IBM

Unemployment in cybersecurity remains at zero percent, forcing corporate management to get creative when sourcing new talent.

Undeterred by this worldwide workforce shortage, Shamla Naidoo, the VP of IT risk and global CISO at IBM, is dramatically rethinking the recruitment process for data and network security positions.

Rather than seeking only applicants who specialize in security, Naidoo looks for candidates who are experts in a particular field of business, assigning them to positions where they can excel. The cybersecurity training comes later as part of internal development.

Now in her second year as global CISO, Naidoo is looking to build out a diverse cross-section of individuals specializing in business strategy, problem-solving and technology. “You don't need to find all these skills in every person, but if we create small teams of people who collectively have all the skills to succeed on a project, then each project is a learning opportunity for people to learn from their colleagues and to develop additional skills,” Naidoo said in an interview with SC Media.

“This allows us to bring in people who may not already have a deep security background but [can] still leverage the skills they already have that we need,” she says.

For instance, Naidoo hired a developer with zero IT security experience to fill the role of an application security specialist. “My rationale was that I could teach a developer what security issues to look for,” says Naidoo. This developer was then able to “influence the coding habits of other developers” to make applications more secure moving forward.

The process works in reverse as well: Naidoo sometimes hires security specialists, who come to learn business skills from their colleagues.

“Shamla is a true master of her craft and is often ahead of the curve on implementing new approaches to managing security,” says Koos Lodewijkx, director and CTO for IT risk at IBM, in comments emailed to SC Media. “Always challenging the status quo, she is not afraid to take an unpopular position if she believes it's the right thing to do, and has a common-sense approach to everything she does.”

Lately, one of IBM's most important cybersecurity recruits is not even human. Watson – the cognitive computing program known for winning Jeopardy! and, more importantly, helping doctors sift through data to find more effective treatments for their patients – is now being trained to analyze cyberthreats.

Watson is currently engaged in a joint research project with eight universities, designed to teach the artificial intelligence program to assist security professionals in detecting attacks accurately, responding to them swiftly and analyzing scores of both structured and unstructured data.

“With the growing amount of threats and security data that exists in today's cybersecurity environment, security is definitely one area where cognitive and AI technologies can help address some of these challenges,” says Naidoo, noting that IBM itself is already exploring cognitive security technologies and machine learning for its own networks and infrastructure. “These technologies can help security analysts hone in on the threats that pose the greatest risks, and make better, faster decisions based on the data we have available to us.”

With employees operating in over 170 countries, Naidoo wants to ensure that the entire IBM workforce from top to bottom is practicing responsible data and systems management. This requires a mix of security controls and awareness training. Mobile security in particular has been a point of emphasis due to IBM's global presence. “I think the key lesson is that all endpoints need to be treated equal in a distributed network,” Naidoo stated.

 “The task can seem daunting, but my strategy is to keep my eyes on the bigger goal while also focusing on the job at hand,” Naidoo concluded. “The threats are constant, and aren't going away anytime soon, but we cannot be fearful – this is a field where we can make a difference and a change for the better.” 

Click here for the next Top Management pick Reboot 2016 Top Management: Satya Nadella, CEO, Microsoft

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.