The Cipher Brief spoke with Peter Piazza, Vice President for Strategic Operations at ASIS, who discussed changes in the security industry, ASIS’ role in educating its members, and strengthening the partnership between government and the private sector.
The Cipher Brief: What are the biggest changes you’ve seen to the security industry, particularly as cyber threats have overtaken more traditional security threats?
Peter Piazza: The rise in cybersecurity threats has helped make it clear that identifying, mitigating, preventing, and responding to any risks to the enterprise and its assets needs to be done holistically. No business unit can afford to act within a silo, and a corporate security professional—in particular a chief security officer—must work across all business units to assist with the identification of all risks. This is not just a change for security professionals; it represents a new way for businesses to approach risk mitigation.
Perhaps nothing can highlight the new risk environment better than a new American National Standards Institute-approved (ANSI) standard on risk management done jointly by ASIS International and the Risk Management Society (RIMS), an organization that traditionally works with the insurance industry. This standard, along with another ASIS standard on organizational resilience, highlights the way in which security professionals need to approach corporate risk holistically in a complicated business and threat environment.
In addition, comprehensive studies conducted by ASIS of the U.S. security market show that cyber is driving the growth of the industry, and the message is trickling down from large to midsize and small companies, which are investing in cyber defenses.
Finally, ASIS has a long relationship with (ISC)², a non-profit organization that specializes in information security education and certification. (ISC)² co-locates its annual seminar and exhibits with ASIS’s, providing members of both groups with access to a full spectrum of security education and technology in one place.
TCB: What are the primary security challenges confronting Chief Security Officers (CSOs) today?
PP: A fast-changing set of cybersecurity issues certainly presents a great challenge for all security professionals. But at the strategic level, where CSOs operate, enormous challenges come from compliance with global rules and regulations; threats that arise from geopolitical turmoil which can affect not only business travelers but also the ability of the organization to actually conduct its business (for example, how will the quickly evolving refugee crisis affect companies based or doing business in Europe?); ever-more complex supply chains (which of course can be impacted by geopolitics, man-made and natural disasters, criminal activities, and so on); and a workforce that is quickly changing both in terms of demographics and expectations of the workplace (for example, working remotely, focus on mobile computing, and wireless connectivity).
TCB: How has the role of the CSO changed in the digital age?
PP: CSOs need to have a broad understanding of cyber threats and how these could adversely impact the organization’s people, property, and assets. That requires a holistic approach to organizational risk management, one that goes across business units to help business owners identify and mitigate risks, no matter whether they are physical, digital, or some mix of the two.
TCB: How important is the public-private partnership to CSOs and other security professionals, and what can be done to improve the connectivity between government and the private sector?
PP: Public-private partnerships are a vital part of keeping people, property, and assets safe and secure. ASIS International maintains strong relationships with government groups such as the Overseas Security Advisory Council (OSAC) of the State Department, the Department of Homeland Security, the FBI, and the information sharing and analysis centers that exist in all sectors in the United States.
Good connectivity depends on the willingness and ability of both the public and private sectors to securely share information without fear of liability, confidentiality, or other issues. It’s often said that associations do what the public and private sectors can’t do; and so ASIS uses its unique position to help advance this critical conversation.