CyberEdBoard Profiles in Leadership: Jon Staniforth
Former Royal Mail CISO on Aligning Security Strategies With Business Goals

In cybersecurity, understanding the core mission of a business is essential to building effective security programs. Jon Staniforth, former CISO at Royal Mail, said CISOs must focus on business processes that are crucial to operations and manage compliance within that scope.
Reflecting on his experience in building cybersecurity programs and the lessons learned from setting up security functions, Staniforth advised CISOs to educate the executive team about risks while letting them make informed decisions. "Something I've learned over 20 years is moving from a pure techie lens to realize that it is more about changing the company and doing the right thing," he said.
"The ultimate decisions lie with the executive team because they're the ones that are making risk decisions, not just about cyber but about everything else," Staniforth said. "The decisions will be based on where they are in their company journey, what their priorities are, and ultimately, if they're there to make a profit. They've got to do that with the balance of how much can be fixed at the same time."
In this video interview with Information Security Media Group at Cybersecurity Summit: London, conducted as part of the CyberEdBoard's ongoing Profiles in Leadership series, Staniforth also discussed:
- Aligning security initiatives with core business processes to ensure compliance;
- The importance of educating executives on risk, while allowing them to decide priorities;
- The role of CISOs in setting up security functions during business transformations.
Staniforth has more than 20 years of experience in global organizations across diverse sectors, including logistics, telecom, technology, retail and financial services. He excels at addressing complex security challenges, applying his extensive background in risk management, compliance and behavioral change. He is a member of the CyberEdBoard.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.