Building A More Strategic Security Culture In 2020

Rubrik CISO Rinki Sethi’s outlook on upcoming trends in privacy and security culture, automation, and culture – trends set to impact the near future of the enterprise.

security culture

Pexels / Pixabay

A cybersecurity veteran that has built and grown technical security teams at Fortune 500 companies (IBM, Palo Alto Networks, Intuit, others), Rinki knows how to successfully implement internal cybersecurity strategies and can be a great source for you. Now at Rubrik, the Multi-Cloud Data Control company, Rinki has unique thoughts on the industry.

Get The Full Ray Dalio Series in PDF

Get the entire 10-part series on Ray Dalio in PDF. Save it to your desktop, read it on your tablet, or email to your colleagues

Q3 2019 hedge fund letters, conferences and more

Security, Culture, Compliance, and Privacy will come together:

Most businesses compartmentalize security and privacy responsibilities into specific, separate organizations in the hopes of streamlining operations. For example, when a company develops a GDPR-related security initiative, the work will run through the privacy or compliance organization that generally report into a legal team. This organizational structure may have worked well in the past, but now with all the overlap between security, privacy, and compliance it is important that these functions are brought closer together both in organizational structure and in how they collaborate – instead of reinforcing traditional silos that businesses are hard to break down. In 2020, we’ll see businesses start to rethink how they are organized around security, privacy and customer trust, enabling teams to work through industry challenges with a more holistic approach, giving rise to one larger organization such as a Data Trust Office.

Automation will become a core investment to retain top security talent.

Much has been made of automation taking jobs, but in reality the opposite will happen – automation will be the key to retaining top talent. A major reason people leave their jobs is a lack of meaningful work, and businesses are increasingly turning to automation and other tactics to eliminate monotonous work that high potential employees would not find challenging. Rather than hiring talent in an already extremely competitive space to handle tedious tasks, a strategy in which employees are encouraged to automate repetitive tasks – will not just retain existing talent but will also attract new talent.

Also, as automation replaces mundane work, employees will have the time to learn new skills and find opportunities to focus time on what gives them a sense of purpose. As businesses seek to drive employee satisfaction, they’ll also find that hiring talent from non-traditional security backgrounds  will bring much needed thought diversity in the security industry to solve the toughest challenges ahead of us.

Developing a security culture will no longer be just a compliance check-the-box activity:

Driving security trainings with a two-hour, check-the-box training is ineffective and a complete waste of resources. In fact, it might even create a false sense of security for trainees if it doesn’t provide tools that employees can use  to strengthen security practices. In 2020, companies will be more strategic in how they use their employees’ time when building security culture and awareness. More specifically, we will see a refocus on programs that build up better security behavior with interactive training that teaches employees how to identify bugs, hack their own work, avoid phishing scams, and more. The stakes for security will always be sky high, and these types of trainings are key to solving a problem that has yet to be truly solved: ensuring every employee is armed with security best practices that they can and do leverage in day-to-day work.



About the Author

Jacob Wolinsky
Jacob Wolinsky is the founder of ValueWalk.com, a popular value investing and hedge fund focused investment website. Prior to ValueWalk, Jacob was VP of Business Development at SumZero. Prior to SumZero, Jacob worked as an equity analyst first at a micro-cap focused private equity firm, followed by a stint at a smid cap focused research shop. Jacob lives with his wife and four kids in Passaic NJ. - Email: jacob(at)valuewalk.com - Twitter username: JacobWolinsky - Full Disclosure: I do not purchase any equities anymore to avoid even the appearance of a conflict of interest and because at times I may receive grey areas of insider information. I have a few existing holdings from years ago, but I have sold off most of the equities and now only purchase mutual funds and some ETFs. I also own a few grams of Gold and Silver