What message would you give to the security vendor community about how they can align with the challenges of CIOs and security chiefs - and what about the startup world?
Mieke Kooij: I have strong admiration for the security startup community and encourage them to continue to strive forward. From a security perspective, they are helping mould the industry, whether from a technical or a non-technical standpoint.
Working for Trainline, a fast-growth, agile technology company, it's essential we have services that can scale and work for us as we continue to transform. Some of the smaller companies I've spoken to don't always put enough thought into scale and that is something I'd ask them to do. At Trainline, where more than 100 tickets a minute are sold, with over 45 million visits per month, scale and speed matter!
In terms of the broader vendor community my advice would be to listen more, not just tell CIOs and security leaders that they need their services or technology.
How much has the role changed in recent years - what are some of the most important attributes to manage security leadership and how much do you expect the role to change in future? What will the future CISO look like in terms of attributes/skillsets and executive influence/positioning?
Mieke Kooij: Hugely! In the past CISOs, including myself, were evangelists creating a limited set of believers. However, having people and culture as a primary focus makes it easier to spread influence across the full business to all employees.
This shift requires a degree of creativity and imagination that could never have been imagined a decade ago. I'm there to drive excitement about security and privacy and make it second nature, security (and privacy) by design.
With a spate of high-profile breaches and attacks much is being made of security as a topic for the board - what is your best advice when discussing security with boards and an organisation's most senior execs, and do you have any tips for securing executive buy-in/support to ensure you receive the necessary funding and backing?
Mieke Kooij: What matters most is having a solid understanding of the data in your control, building security and privacy into your foundations and applications, and then focusing in on early detection and response. I'm very proud of Trainline in this regard and make sure our board is kept aware that we're in good shape by design.
I'm sure there is many a CIO jumping up and down about beefing up their incident response in the wake of the recent wave of malware attacks, but if they aren't also asking if they fully know the data they have, the state of their systems and whether they have controls to detect something going wrong, then they are doing their company a disservice.
Sign up for CIO Asia eNewsletters.