On Wednesday 18 November, HSD Office organised an online mini CISO / CIO conference with the theme Leadership. CISOs and CIOs from the existing intersectoral CISO intervision groups, as well as CISOs and security specialists who are not yet affiliated took part in the Conference.
CISOs and CIOs often have a somewhat lonely role within their organization, as Joris den Bruinen, director of HSD, stated in his welcome speech. "They are often seen as a bummer or admonishing finger. But there is great enthusiasm and will to learn, and how better than from each other?"
The conference kicked off by Elsine van Os, CEO of Signpost Six, who translated her specialty insider fraud into the leadership qualities expected of CISOs. Leadership qualities to keep the organization together and to deal with internal threats, especially in Corona time. Cultural change is difficult but crucial and the CISO has an important role in this. Her story generated a lively discussion on topics such as zero trust, European examples and privacy.
Ardie Kleijn, CISO of the National Police, argued that leadership is letting go - providing the frameworks and giving your people the tools to implement them themselves, with room for individual interpretation. This means, among other things, that you have to involve your people much more at the front. This was also discussed extensively. They thought it was a daring idea and wondered how and whether these principles could be translated into their own organization.
Werner Overdijk, director of Crisisplan, took the CISOs along in four dilemmas where expectations and practice collide. For example, he stated that the expectation from outside is often that security has maximum priority, but within the day-to-day practice of the organization there often turn out to be many other priorities. In his break-out, the groups went looking for solutions to bridge these gaps.
Afterwards, those who still wanted to have a chat in different break-out rooms. Contact information was exchanged and agreements were made to have a coffee - for the time being virtually.
The added value of a meeting such as this one is bringing together people from the same field but from very different organisations. There are lively discussions and speakers are often rebutted. But they listen intensively to each other's solutions - they really want to know how the others approach it and what they can learn from it. And help each other.
Do CISOs and CIOs have a somewhat lonely role within their organisation? Perhaps. But put them together and lively discussions are guaranteed.