Ken Gonzalez is the managing director at NightDragon Security – and on an episode of IT Visionaries, he talks with host Ian Faison the current state of cybersecurity, and what we can expect from the field in the near future.
Here are some of his key insights.
Partnering with and selling to CIOs
Ken says that as the years have gone by, the role of the CIO has changed – they are much more involved in the business strategy of the organization, now. They also control the budget, so when you are selling cyber security solutions, you are selling to the CIO. The most difficult part of selling comes when you have to change people’s minds. It’s very simple to explain a product and how it works, but it’s more of a challenge to explain why you need the product, why you should change your behavior – why everyone in your organization needs to change their behavior, and convince them that your way is the best way.
“I love working with IT folks who have a history of delivering on projects – small or large – and realizing that the adoption of technologies is probably the majority of the battle,” Ken says. “Relatively speaking, it’s easier to buy things and turn them on then to actually get people to use it.”
Why get into the cybersecurity business?
For Ken, who has a background in the military, working in cybersecurity is like having a mission every day to stop the bad guys. And, because the bad guys are constantly innovating, attacking and looking for new and more sophisticated ways to break in – the work of a cybersecurity expert is never done.
“Bad guys are doing bad things every day in new and innovative ways,” Ken says. “It’s one of the few places where you’re on a mission every single day. It’s like, ‘how do I stop bad guys? How do I stop bad guys and get them kicked them off our networks?’ And so as I’ve actually a fulfilling business to be in.”
But how do you go about fighting the bad guys? According to Ken, you need to know what your core assets are, and the way hackers are trying to get to them. Then you have to figure out a way to know if someone was trying to attack you. When you understand all of those factors, you can build a strong framework for your cybersecurity.
The difference between C-suite roles
In every organization, there is some combination of a CIO, CISO, CSO CTO, and CDO. Each has a specific job, but the roles have been morphing and blending or expanding a lot more in recent years.
When Ken first started in cybersecurity, the CSO would report to the CIO, and that is still the case much of the time. However, in many organizations, the CSO has completely separated and is now running a parallel part of the business.
“There has bee a little bit of a separation of church and state,” Ken says. “The CIO buys, runs, and maintains infrastructure, then the CSO secures it.”
For more insights, listen to the entire episode here.