Cyber Resilience: The Biggest Gaps and How to Bridge Them

00:00:05:09 - 00:00:31:13
Hello and welcome to the Dell Technologies Forum podcast series, where we focus on transforming ideas into innovation faster. In this series, we invite Dell specialists and experts from around the world to share with us the collaboration we had with customers in key areas of technology development. I'm your host, Courtney Hughes, director of Global Brand campaigns for B2B here at Dell Technologies.

00:00:31:15 - 00:00:55:09
In today's episode, we will be looking at the area of cyber security to discuss this broad and complex topic with me. I am so delighted to be joined by Liz Green, European Advisory and Cyber Lead at Dell Technologies. Liz, Hi, and thank you so much for joining us. Hello, Courtney. So great to be here today. Thank you for the time and really looking forward to the discussion.

00:00:55:11 - 00:01:23:01
Me too. And by way of setting the scene, what do you see as the biggest gaps that organizations have when they look to implement zero Trust cyber strategies, build resilience and improve their risk posture? Thanks, Courtney. Big question. So we would need a full series of podcasts to answer that. What I will do is I'll give you a few kind of high level just from my perspective.

00:01:23:01 - 00:01:49:21
So by way of introduction, I spend time with some of our largest clients and partners helping build strategic solutions to the problem of cyber risk. So unfortunately, we're not seeing, you know, ransomware, malware, destructive cyber attacks going away. It's all about building resilience and being able to implement the right strategies, people, process, technologies to help kind of address these new threats that we're seeing.

00:01:49:23 - 00:02:15:18
So I guess, you know, what gaps I see in that work I do. There are a few that come to mind. I think the first is there's a clear lack of awareness and understanding about the problem. Right? So I'm seeing, you know, leaders that are really worried about certain threats and not necessarily knowing how, you know, technology, strategy, what they're investing in can really help or hurt with that threat.

00:02:15:18 - 00:02:51:18
So I think there's honestly a lot of enablement we do at the very basic level with our clients at senior levels, you know, talking about what is a backup, what is disaster recovery, what is this new concept of cyber recovery? What does it mean when we hear is zero trust? What does that actually mean? Right. One of the basics and I think, you know, leaders that are really good, understand that they might not know everything and want to collaborate not just with the likes of Dell, but other, you know, technology providers, other partners, even hearing from their competitors on how they're looking at this problem.

00:02:51:18 - 00:03:24:00
So we're seeing the space of collaboration open up as a response. Another thing I think is a gap is we're seeing very siloed teams and technologies. I think every organization has a degree of this. Some are better than others (and others). Yeah, and you know, we actually have another podcast on Cyber Resilience little plug for that that I'm on and we had RC So John Simone, Julian and he talked all about, you know, how he is trying to break down those silos through his organization.

00:03:24:02 - 00:03:44:24
And I think that's something that a lot of leaders not just cyber leaders, but business leaders are trying to do because otherwise you're going to have things like shadow IT You know, people buying technology assets without the rest of the business knowing it, that creates a risk. Now we're seeing shadow AI so people using different A.I. tools without the wider organization knowing it.

00:03:44:24 - 00:04:11:13
So I think silos are not good, they're not avoidable entirely. But you know, the more we can do to be collaborative in one ecosystem, the better. That would be another thing. And the last and then we can move on because again, huge topic is I'm seeing that organizations still have a lot of legacy assets in systems. So everyone wants to move to the cloud or that was the big conversation du jour in the last decade.

00:04:11:15 - 00:04:33:00
There's an acknowledgment that to get there was more work than they thought, that there is actually a lot of complexity. And I think now, again, bringing AI back in, there's an acknowledgment that we might want some of those data sets living on premise. So it is important that we build private clouds and kind of modernize that estate. So I think the legacy systems just present complexity.

00:04:33:00 - 00:05:00:00
They're harder to really protect. And that's another piece I think a lot of our clients struggle with. Okay. So if you were dropped in right now to lead an organization today as a CISO, what would you start doing immediately and what steps would you take to build greater cyber resilience? Well, that's a fun question. So yeah, if anyone's out there wants me to be the CISO this is the exam question.

00:05:00:00 - 00:05:20:08
If I was being interviewed, and I guess for me and I mean this isn't unique, this is what the regulators are requiring governments as well know what your key services are, whatever you are. If you're an organization, you're a financial services firm, what are your key services that you would fail to be that organization or that business without?

00:05:20:10 - 00:05:57:01
Make sure those services and data sets that require those services to run are protected. And protection means, again, getting into that enablement piece, isolating critical data sets, off the network so that in the event something happens, be it malware, ransomware and otherwise you have a usable copy, you can recover. So I know that's actually a bit more tactical in some ways, but I think knowing what your key services are, how they're being protected and what the process is to recover them, you can then go about modernizing and making everything pretty and securing the rest of the business.

00:05:57:01 - 00:06:15:17
But if you try to do all the other things first, it's really a matter of of when, not if. And you know, if you are impacted and you don't have a plan because you've been trying to get another platform in that's going to protect this or that. And not look at those key services, then your organization may not be here tomorrow.

00:06:15:17 - 00:06:38:07
So. Right. I think starting there is kind of fundamental. Can you talk about the importance of, you know, having that plan and why connecting it to the business is important? Totally. So we see all the time with anything related to cybersecurity. They want the security team to lead it or even the IT team to lead it, and that is wrong.

00:06:38:10 - 00:07:00:09
I mean, those people should be involved in and maybe even in some sort of leadership capacity. But this is a business problem. It is the business that is going to be impacted in the event of a catastrophic cyber attack. It is going to be the business services that really frankly, the CEO and the chief operating officer are most worried about.

00:07:00:11 - 00:07:22:04
Those are the kind of key services that need to be prioritized. And oftentimes IT and security might not be aware of what kind of SLA or obligations those people have to the market, to their customers. And so, yeah, it's really important. The business is bought in, is aware and is involved in these strategies. Right, because they do have implications.

00:07:22:05 - 00:07:46:19
to your point, like legal implications as well. Yeah, absolutely. And I mean, oftentimes we work with IT who will have, you know, a set of tiered applications that they know are important, but they might not have the meaning behind it. Right. We want people to be able to apply for a loan or take money out of ATM's if the bank is not, you know, able to be up and running and operational.

00:07:46:23 - 00:08:10:23
And it may not have that context all the time. So it's important to have business involved. Right. And as a leader in cybersecurity at Dell Technologies, what positive changes would you like to see in the field of cyber? So many I know we're going to get day by day, but Courtney, let's start with the first. More diversity in cyber, okay?

00:08:11:00 - 00:08:36:12
And that's not just gender. It's race, it's age. It's thought, we want neurodiversity as well. That is a problem. This is one of the biggest challenges that is facing not just businesses, but organizations in the world today. Right. Cyber threat. And that cannot be solved by one particular group of people. Right. It needs to be lots of different people working together, looking at the problem in different ways.

00:08:36:12 - 00:09:04:15
So, number one, want to see that more women entering, more people of color, more people with different backgrounds. Right. I think we need lots of different people working together. The second is we want more people entering the profession entirely. There's a huge gap. So I think I just read there's around 3 million heads needed just in the UK alone to fill some of the vacancies for cyber security roles.

00:09:04:17 - 00:09:27:01
And what's interesting is those are not technical roles. These are for soft skills. So communication, being able to articulate technology to business outcomes. So I think that's another piece is we need more people in the profession and then I guess the last is, we want to provide more access to these skills and resources in early school education. So people actually think that this is a career for them.

00:09:27:01 - 00:09:53:22
So curious, your thoughts, Courtney? You know, you're in this world as well. I think to be honest, I think those three things are, regardless of what sector or field that you work in, I think all of them are going to be important. Yeah. And should be a priority. Yeah, I couldn't agree with you more. And so just before we wrap up today, I want to encourage you, our listeners, to continue the conversation by attending the Dell Technology Forum Roadshow at a city near you.

00:09:53:24 - 00:10:13:03
And if you've missed it, don't worry, there's a wealth of valuable resources on the Dell Technology Forum site where you can listen back on demand. Liz, again, thank you very much for your time and for your valuable insight. It has truly been a pleasure to speak with you today. Absolutely. Courtney, thank you so much for having me. It's been great.

00:10:13:05 - 00:10:21:16
Yes. And to our listeners, thank you. We hope you join us next time. This series has been brought to you in association with Intel and Microsoft.