Prior to the conference, we had the opportunity to chat with Scott Cruickshanks, Executive Director in the Cyber Security Team at J.P. Morgan, who shared his insights on digital transformation challenges in cyber security, how to build a strong culture of cyber security, and the future of demand for cyber security talent. Read his full interview below.
Scott leads the Cloud Secure Enablement and Risk team. He has spent the past 4 years ensuring that J.P. Morgan Chase’s public cloud environment has been built with security at its core. Prior to his work on the public cloud platform, Scott had multiple cybersecurity roles aligned with JP Morgan’s Corporate and Investment Bank line of business.
Scott was delivering a keynote speech on the topic of “Digitalization in the banking and finance industry: Cloud security”. He was also participate in the panel discussion on the topic of “Security measures: How to balance acceptable risks against convenience while transforming digitally” together with Alina Matyukhina from Siemens, Carlos Arglebe from Siemens Healthineers, Lars Minth from Swiss Securitas Group, and Philipp Grabher from Kanton Zürich at the Global Cyber Conference 2022.
What is the number one challenge to a secure digital transformation in cyber security?
The time taken to implement things in a secure scalable way – the business needs to move fast to meet customer demand which often results in one-off security solutions being implemented which may work in the short term but is ultimately just creating technical debt.
How can security leaders better help their organizations build a strong culture of security?
Spend time explaining why having strong cyber controls is adding real value to the customers, and in many industries, is seen as a differentiator between competing products. Security leaders should share real-life use cases of compromises that occurred when the controls weren’t in place and the damage it had to the company’s end users.
What are the most common misconceptions that you believe businesses have about cyber security?
That there is a correlation between the number of cyber tools a company has and how secure they are. One tool that is configured correctly for an organization’s eco-system will likely outperform multiple tools that have not been implemented.
Cyber security is a constant battle, with demand for cyber talent continuing to increase and outpace supply. How do you see the future of that situation?
In the long term, the cyber security industry will have to rely more heavily on the automation of controls as having manual processes isn’t scalable. In the short term. more focus should also be put on re-training the existing workforce instead of the emphasis being on hiring cyber talent from outside.
What do you foresee will be the biggest obstacle for security leaders and practitioners to overcome in 2023 and the years ahead?
I would mention 2 big obstacles here:
- staying on top of emerging technologies
- the new threat vectors they may create