Trainline Security Director Mieke Kooij. Photo via CIO UK.
Trainline Security Director Mieke Kooij has almost two decades of security experience, and is a firm believer that building a robust culture around information and cyber risks is one of the best methods of protecting an organisation.
A speaker at IDG's Security Day hosted by CIO UK in June, Kooij recently discussed the evolution of the CISO role, why security leaders need to focus on people and culture, bringing boards up to speed on cyber risks, CISO reporting lines, the security vendor market, data privacy, GDPR and doing the right thing for your customers.
Where do you think the next wave of security innovations comes from - and how do CISOs 'triage' the priorities from the hype?
Mieke Kooij: What excites me right now is the cultural shift that is taking place around security and privacy, through new regulations such as GDPR. By concentrating on transparency and accountability, at long last we're focusing on what really matters: people. With this focus on personal data, the needs of the customer are put first in new ways.
At Trainline, people and culture are at the heart of everything we do, including our approach to security and privacy. We're a human technology company so it's been a natural progression. This focus on people and culture is at the front of my mind at all times, and acts as my triage tool and test.
Where do you look for creativity and innovation inspiration, and how important is it for CISOs to make times in their schedule to get away from more day-to-day CISO responsibilities and be involved in these agendas to help protect their organisations?
Mieke Kooij: I'm inspired by any number of things but creativity and innovation are attributes that are strongly fostered at Trainline, so you could say I'm inspired by the company I work for. This is also a reflection of how I was raised. Growing up, I was taught to be a leader and not a follower and that creativity and imagination were things to be cultivated and this has stayed with me throughout my career.
Security isn't purely focused on technology, and the role of the CISO is not solely a technical one. Security is about creating a culture where information and systems are protected by shifting how people interact with them. Where possible we use technology and automation to do this, but ultimately, it's about gaining consumer trust, winning hearts and minds and changing behaviour.
Sign up for CIO Asia eNewsletters.