facebook-pixel

Jean-Christophe Gaillard

About Me

Jean-Christophe Gaillard is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with Strata Security Solutions, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the Telecom Paris Tech alumni association since May 2016. He is the author of “Cyber Security: The Lost Decade – A Security Governance Handbook for the CISO and the CIO”, He contributes regularly to The Digital Transformation PeopleBusiness 2 Community, and IoTforAll platforms, as well as the Business Transformation Network. He is an expert contributor on the CIO Water Cooler and has previously published articles on InfoSecurity Magazine,  Computing, the C-Suite.co.uk, Info Sec Buzz and the IoD Director websites.

IoT Security: A simple matter of common sense for product developers and investors

IoT security issues arise from ill-advised prioritization and the inherently short-term culture of the tech world. Security should be seen as a fundamental requirement for any IoT product—even MVPs. As the attitude of consumers and regulators shifts around those matters, it's becoming a simple matter of good business. Frankly, given the virulence and widespread nature of cyber threats, the need to take security seriously and embed it natively into IoT products should be seen as a simple matter of common sense for product developers and investors.

Towards a new model of data ownership?

In the current business paradigm, replicated since by a number of online platforms, individuals willingly provide their personal information in exchange for a service. Personal data is subsequently repackaged and sold to advertisers and marketers. The unavoidable rise of the Internet of Things will only make the issue more complex, as increasingly more intrusive and personal data will start to be collected about each of us.  This poses new challenges around the issue of consent and privacy: 

Who wants to be a CISO?

Cybersecurity has developed a high profile in many organisations over the past few years. But, who wants to be a Chief Information Security Officer these days? And at which stage in your career should you consider the move? What balance of managerial and technical experience do you need to have?  And where do you go from there? Those would be valid questions for many executive positions but when it comes to the role of the CISO, they seem to acquire a different meaning.

Cyber Security in the “When-Not-If” Era

Many large organisations now assume that breaches are simply inevitable, due to the inherent complexity of their business models and the multiplication of attack surfaces and attack vectors which comes with it. This realisation changes fundamentally the dynamics around cyber security. Historically, cyber security has always been seen as an equation between risk appetite, compliance requirements and costs. Compliance and costs were always the harder factors. Risk (was always some form of adjustment variable.

The Digital Transformation and the Role of the CISO

Privacy and security considerations are the key ingredients of digital trust and must be at the heart of any industry’s digital transformation. The necessarily transversal nature of security and privacy matters needs to be woven into the fabric of an organisation for the digital transformation to succeed over the long-term. At this junction, the traditional role of the CISO – heavily influenced by a technical bias, tactically-oriented and project-driven in many firms – could become exposed.

Cloud-Native Environments: A Challenge for Traditional Cyber Security Practices

In recent years, the development of massive computing and storing capacities in the hand of a few internet juggernauts led to the rise of the cloud economy. Companies of all sizes have been moving their mission-critical servers and operations to the data centers. On the face of it, the development of Infrastructure as a Service (IaaS) should be good news for the state of cybersecurity. In this context, it is easy to believe that moving to the cloud could mean solving many of your cybersecurity issues.

What Cyber Resilience is Not About …

At the heart of cyber resilience lies a real application of “defence in depth” principles which have been well established for decades: Acting at preventative, detective, mitigative AND reactive levels, AND across the real breadth of the enterprise – functionally and geographically. It is about the enterprise being enabled by the use of data and technology, whilst remaining protected from active threats. Instead of being treated as another box checking exercise and a quick win, cyber resilience must be embedded into the right corporate structures and used to channel a different culture from the top down around cyber security.

Cyber security is becoming a matter of good corporate governance, good ethics, and quite simply – good business.

As every enterprise is becoming more and more data-driven, it is key for the Board to realize that cyber security is becoming a central tenet both of its core business and of its social impact and governance strategies. This should the basis on which the cyber security imperative is cemented at Board level. Right where it always belonged. Here are Key factors for boards and executive management to consider in 2019 around cyber security and privacy.

The 4 Pillars of a Lasting Cyber Security Transformation

There is no magical technology platform or service provider which can be – on its own – the answer to a fundamental transformative challenge around cyber security. The overarching challenge for the CISO lies in getting senior management to see that long-term change is rooted in a long-term vision and long-term planning which takes time to establish. Simply throwing money at the problem in the hope of making it disappear, without a proper consideration of those matters simply leads to failure and can only aggravate the perception by senior stakeholders that security is just a cost and a burden.

The Two Factors Killing GRC Practices

In many firms, the equation between Governance, Risk and Compliance around cyber security is becoming heavily weighted towards the G, and GRC functions must adjust as a result, both in terms of internal structures and in terms of interactions with other stakeholders. In particular, first line and second line must work together on this. They must trust each other and look beyond absurd and arbitrary “separation of duties” concepts, to produce meaningful data for the business, around which meaningful decisions will be made to protect the firm.

The Harvard Innovation Lab

Made in Boston @

The Harvard Innovation Lab

350

Matching Providers

Matching providers 2
comments powered by Disqus.