Google CISO Phil Venables on Building Strong CIO-CISO BondsCIO, CISO Must Join Forces to Upgrade Organization to More Defendable Architecture
Increased engagement from boards on digital transformation initiatives around cloud and AI adoption has spurred greater investment in cybersecurity, said Google Cloud CISO Phil Venables.
Systems built and designed decades ago have become increasingly difficult to secure, he said, and dropping tons of cybersecurity products is never really effective. Instead, Venables said, CIOs and CISOs should work together to upgrade to a more defendable technology architecture to gain more agility and efficiency, adopt an improved technology platform, and jointly pursue business and risk mitigation goals (see: Execs Say Google-Mandiant Deal to Merge Threat Intel, SecOps).
"There's a lot of talk in the industry about how there's a conflict between the CIO and the CISO, and I just don't find that anymore," Venables said. "When I speak with CIOs or CTOs at major organizations, the CIO or the CTO feels immensely responsible for the security of the organization. The CEO and the boards are looking to the CIO and the CTO just as much as the CISO."
In this video interview with Information Security Media Group, Venables also discussed:
- Best practices for maintaining a healthy CIO-CISO relationship;
- How the security knowledge of the CIO and CTO has changed recently;
- How board knowledge of security varies based on company size.
Venables leads risk, security, compliance and privacy teams at Google Cloud. He joined Google in 2020 after spending over 25 years as a CISO at multiple financial services companies including Goldman Sachs, Deutsche Bank, Standard Chartered Bank and Barclays Bank.