BY ANDY BUI
On November 6, the Center for Long-Term Cybersecurity hosted a speaker series featuring MK Palmore, Director of the Office of the Chief Information Security Officer (CISO) at Google Cloud.
Cybersecurity is one of the most pressing challenges, and leaders have a critical role in helping organizations navigate the cyber landscape. In his talk, MK Palmore provided practical advice on how cybersecurity leaders can balance technical expertise with team motivation, and how leaders can apply effective leadership principles within their organizations to address the cybersecurity challenge.
Leadership in Cybersecurity
Palmore explained that he began his career with the Marine Corps. Having served in multiple government roles, Palmore said he likes “to infuse the topic of leadership” in everything he does, and is a firm believer that the cybersecurity industry and leadership practitioners are aligned. The cyber industry is not solely about technology, he explained; rather, it is about identifying leaders willing to allow for growth and development.
Palmore emphasized the importance of empathy, learning from failure, effective communication, and placing people first. “Good leadership is good leadership, no matter where you go,” he said.
Security by Design
Palmore addressed security by design, the idea that companies should strive to build safer products and deploy products that are ready to be secure and usable by consumers. With many companies “trying to leapfrog to adopt new technologies,” Palmore believes that the key to effective cybersecurity lies in the fundamentals. As an advisor for Google Cloud, Palmore stated that he often uses the phrase “do the basics well, and you will be better suited then to adopt newer technologies.”
Palmore asserted that the impact of cybersecurity is a leading topic of boardroom discussions, and the risk to enterprises of cyber incidents has grown to become the number one business risk globally. Protection of digital assets, operational risks, and impact on revenue are at the forefront of conversations regarding the adoption of new technologies.
Palmore defined the concept of “dwell time,” or “how long the adversary is actually in the enterprise with appropriate credentials, and has the ability to move before being detected.” He pointed out that cyber incidents can come from multiple attack vectors, which “can extrapolate over a large-scale business enterprise.” From a cybersecurity practitioner standpoint, enterprises are now responsible for protecting assets located all over the world. Such a feat is extremely challenging when many enterprises and organizations do not train employees in security awareness “to the point where everyone is constantly thinking about security”.
Palmore introduced a concept frequently taught to soldiers called the OODA Loop, which refers to “observation, orientation, decision, and action.” The number one security challenge, he said, lies in the ability of a defender to make decisions more quickly than their adversary.
Cloud Transformation and Artificial Intelligence
With the rapid growth of artificial intelligence, Palmore believes that cloud transformation “holds the answer to a good portion of the cybersecurity challenges for business enterprises.”
As global enterprises expand, so does the responsibility of leaders and cybersecurity practitioners to properly protect digital assets. By offloading some responsibilities, such as maintaining hardware and software applications, enterprises can benefit from the growth capabilities of a shared cloud. As organizations look to transform digitally, they seek to transfer their assets to the cloud to share responsibility. Through cloud transformation, organizations can achieve higher levels of cybersecurity and scale their businesses more efficiently.
Palmore explained that he approaches artificial intelligence using the OODA Loop framework. In the past year, there has been tremendous growth in artificial intelligence. This growth is reflected in the cybersecurity landscape as well, with many security vendors infusing artificial intelligence into their frameworks.
Overall, Palmore believes there is great potential for the role of AI in the cybersecurity industry. Undertaking repetitive tasks in an around-the-clock, hands-on operation can become a draining burden for security organizations. AI has the potential to reduce this burden by performing rudimentary and repetitive tasks through automation, which lightens the responsibilities of security analysts and allows them to focus their attention on areas that could actually cause damage to an enterprise or organization.
Palmore expects that the cybersecurity vendor landscape will evolve toward offering increased agility, increased decision-making ability, increased effectiveness, and the reduction of risk to global enterprises — all powered by AI.
