C-level Insights: Madrid-based CISO Isabel María Gómez

C-level Insights: Madrid-based CISO Isabel María Gómez

Isabel María Gómez, a Madrid-based CISO, describes the biggest challenges for cybersecurity leaders in the evolving digital landscape, discusses the importance of understanding broader business objectives, and tells us about the importance of regularly reviewing and adjusting priorities based on emerging threats and business needs.

Isabel María Gómez

How do you cultivate leadership within your cybersecurity team and foster a culture of continuous learning and innovation in cybersecurity practices?

Cultivating leadership within a cybersecurity team is an on-going task that requires ethics, empathy and leading by example among others.

Everyone on the team needs different options and a constant ability to change hats. It’s important to give each of them the best that can be offered in terms of knowledge, attention, learning, new opportunities and a new vision that helps everyone row towards a common goal.

My team knows my commitment to them and I demonstrate this to them, for example, by providing continuous learning opportunities through training, certifications and access to

cybersecurity industry events.

I also promote cross-functional collaboration to broaden perspectives and improve problem solving such as when we all sit down together to look at information directly on a console and an environment of learning and collaboration is generated. They know I’m not asking for anything I haven’t done before.

I encourage open and respectful communication to facilitate learning from both successes and failures, recognising and rewarding contributions, helping with improvement points in the team’s capabilities.

How do you measure the success of your leadership and team development initiatives within the cybersecurity department?

In the most conventional way, measuring the success of something always involves establishing a scale against which to compare it and therefore involves evaluating qualitative and quantitative metrics.

Various types of Key Performance Indicators (KPIs) such as incident response times, number of prevented security breaches and system uptime can provide quantitative data on the effectiveness of the team.

Other tools such as employee 360 rating surveys, employee retention rates and feedback sessions can provide qualitative insights into leadership effectiveness and team morale.

Regularly reviewing these metrics against established benchmarks allows you to assess the impact of initiatives on team performance. However, there are also other metrics that indicate the health and morale of a team, which often go more unnoticed such as the number of days in advance of finishing project tasks, unsolicited improvement proposals you receive or interactions in technical discussions, etc.

What are the top challenges in maintaining a balance between day-to-day cybersecurity operations and pursuing innovative security projects, and how do you navigate these challenges within your team?

The main challenges in balancing day-to-day cybersecurity operations with innovative security projects include resource allocation, task prioritisation and keeping up with the rapidly evolving threat landscape.

To come to fruition with these challenges, it is crucial to implement effective time management practices, lab innovation and new idea management within the team without losing sight of the business.

Regularly reviewing and adjusting priorities based on emerging threats and business needs will also help the team remain agile and responsive.

How do you ensure that cybersecurity strategies align with overall IT and business objectives, contributing to the success of the organisation?

IT and cybersecurity, while separate, go hand in hand in most companies. Ensuring that cybersecurity strategies align with overall business objectives requires regular communication and collaboration in an environment of transparency.

A good starting point is to begin by understanding the broader business objectives and how IT supports these. Cybersecurity initiatives can then be designed and developed by broadening the organisation’s asset protection objectives to facilitate business operations and growth.

Another key may be to participate in strategic planning sessions with IT and business leaders together ensuring that cybersecurity measures are integrated into organisational planning and decision-making processes, because at the end of the day we all want to contribute to the overall success of the organisation.

How do you foster a collaborative environment within your cybersecurity team, especially when integrating new technologies or security methodologies?

I tend to organise regular knowledge-sharing team meetings, such as workshops or meetings where I serve as a facilitator, where team members can learn from each other and from outside experts.

I encourage the creation of cross-functional teams for specific projects that blend different skills and perspectives, enhancing participation and out-of-the-box thinking.

Last and not least, I recognise and reward collaborative efforts and achievements to reinforce the value of teamwork. It is necessary to say when a good job has been done just as it is necessary to positively address points of improvement or understand why friction may occur. By creating a culture of trust and mutual support, my team members are more likely to contribute and adopt new technologies and methodologies effectively.

How does your cybersecurity strategy incorporate a customer-centric approach and what role does technology play in improving customer data protection and experience?

Our cybersecurity strategy fully aligns with our business strategy by incorporating a customer-centric approach by prioritising the protection of customer data and ensuring a seamless and secure user experience.

From cybersecurity we actively engage with customers to understand their needs and concerns regarding data privacy and security, reaching out to establish synergies between the different security teams in the security chain that protects the customer and includes our third parties.

By integrating customer feedback into our cybersecurity framework and leveraging cutting edge technologies, we aim to build trust and deliver an ethical, excellence-based customer experience.

What do you think will be the biggest challenges and opportunities for cybersecurity leaders in the evolving digital landscape?

The biggest challenges for cybersecurity leaders in the evolving digital landscape include managing the increasing complexity and sophistication of cyberthreats, ensuring data privacy amidst strict regulatory environments and addressing the cybersecurity skills gap.

Rapid technological advances, such as the proliferation and adoption of AI and Machine Learning, introduce new vulnerabilities and expand the attack surface. Some to keep in mind are:

1. Ransomware continues to rise: Ransomware attacks reached worrying levels, affecting small businesses to large corporates. The importance of proactive security and robust back-ups is more evident than ever.

2. Supply chain vulnerabilities: The digital supply chain has become a frequent target. Supply chain risk management is critical to prevent exploitation of breaches and ensure the integrity of products and services.

3. Sophisticated phishing: Phishing techniques are becoming more sophisticated every year with AI, favouring social engineering and fooling even the most cautious users. Continuous education and awareness are essential to protect against these threats.

4. IoT and connected devices: The rise of Internet-connected devices widens the attack surfaces. Security in the Internet of Things (IoT) is now crucial to prevent threats that could affect privacy and personal safety.

Opportunities lie in leveraging technologies such as AI, Blockchain and quantum computing to improve security measures, automate threat detection and improve incident response times. Balancing innovation with security, adapting to regulatory changes and cultivating cybersecurity talent will be critical for leaders navigating this landscape.

How do you stay on top of emerging cybersecurity technologies and decide which ones to integrate into your organisation’s security operations?

Staying on top of emerging cybersecurity technologies involves continuous learning and active participation in the cybersecurity community.

This includes attending industry conferences, participating in webinars and workshops, subscribing to cybersecurity publications, and being part of professional networks and online forums.

In deciding which technologies to integrate into the security operations of the companies we work with, we conduct thorough assessments that consider factors such as the technology’s alignment with our security needs, its scalability, cost-effectiveness and compatibility with existing systems.

In addition, we consider the vendor’s reputation, ESG reporting, customer reviews and compliance with industry standards.

Can you share your vision for Digital Transformation within your organisation, specifically focusing on the role of cybersecurity and how you plan to achieve it?

My vision for Digital Transformation within the organisation emphasises cybersecurity and cultural change as the fundamental elements, ensuring that innovation and business go hand in hand.

My primary goal is to integrate cybersecurity with as little friction as possible into all digital initiatives from the outset, rather than as an afterthought, to enable secure and resilient digital operations.

This involves adopting a ‘security by design’ approach when developing new digital services and products, a zero-trust policy or even a reorganisation of IT architecture ensuring they are built with robust security measures built in from the start.

Collaboration with stakeholders is key and ongoing training for our team will ensure that cybersecurity considerations are integrated at every stage of our Digital Transformation journey, supporting the growth of the organisation while protecting its assets and stakeholders.

Browse our latest issue

Intelligent CISO

View Magazine Archive