By CXOCIETY | FutureCIO FutureCFO FutureIoT
The podcast currently has 412 episodes available.
Contrary to their predictive decline in value, a 2024 Forrester report noted that among global infrastructure hardware decision-makers, 61% said that their firm uses a mainframe. Of those that use mainframes, 54% indicated that their organisation would increase its use of a mainframe over the next two years”.
With 71% of Fortune 500 companies still using mainframes, advancing technologies and evolving business drivers in 2024 highlight the challenges posed by neglecting mainframe modernisation that can lead to operational inefficiencies and risks, making it imperative for decision-makers to act decisively in embracing transformation.
In this PodChats for FutureCIO, we are joined by Praveen Kumar, Vice President for Asia Pacific, Rocket Software, who will pontificate on the importance of mainframe modernisation as a business-critical priority in 2025.
1. How can CIOs align their mainframe modernisation efforts with the organisations’ broader digital transformation strategy, especially as they integrate AI technologies?
2. What specific benefits can be drawn from modernising mainframe systems regarding operational efficiency and cost reduction?
3. How should CIOs and HR leaders address the skills gap associated with legacy programming languages as they transition to more modern platforms?
4. What strategies can they implement to smooth migration from legacy mainframe environments to cloud-based solutions?
5. How can CIOs and CISOs leverage AI to enhance the performance and security of modernised mainframe systems?
6. What role do external partners play in facilitating mainframe modernisation, and name one approach to help select the right ones?
7. What metrics should CIOs use to measure the success of their mainframe modernisation efforts?
As we move deeper into the digital age, the significance of cybersecurity cannot be overstated, particularly in Asia, a continent characterized by its diverse cultures and rapidly evolving economies. By 2025, fostering community cybersecurity readiness will be crucial for several reasons, including protecting economic stability, safeguarding cultural heritage, and enhancing social cohesion amidst the growing threats posed by cybercrime.
Sharing with us his views on just how organisations can do their part to raise community cybersecurity readiness, we are pleased to be joined by Matthias Chia, director of Strategy at the SANS Institute.
What is the SANS Institute in the context of cybersecurity?
1. How would you assess the level of awareness and interest in cybersecurity among communities in Asia?
2. In what ways can technology companies collaborate with educational institutions to enrich cybersecurity training?
3. How can we measure the impact of community engagement in improving cybersecurity awareness and practices?
4. What strategies can we implement to motivate young people to pursue careers in cybersecurity?
5. Do you think there is, today, adequate and equitable access to cybersecurity training for all youth, especially in underserved communities?
6. Recalling NIST’s efforts to partner with public and private organisations, can you elaborate on the role strategic partnerships play in enhancing cybersecurity resilience within local communities?
7. At the national level, what is the role of public-private partnerships in strengthening national cybersecurity efforts?
8. We are coming into 2025, any call to action for businesses, governments, and the communities of Asia in general on how everyone can contribute to raising community cybersecurity readiness in 2025?
Gartner defines privileged access management (PAM) as tools that provide an elevated level of technical access through the management and protection of accounts, credentials and commands used to administer or configure systems and applications.
Available as software, SaaS or hardware appliances, PAM tools manage privileged access for both people (system administrators and others) and machines (systems or applications).
Gartner defines four distinct tool categories for PAM tools: privileged account and session management (PASM), privilege elevation and delegation management (PEDM), secrets management, and cloud infrastructure entitlement management (CIEM).
It is widely expected that in 2025, PAM will be shaped by advancements in artificial intelligence, machine learning, and automation, enabling more proactive and adaptive security measures. As regulatory compliance becomes more stringent across various industries in Asia, organizations will be compelled to adopt robust PAM solutions to safeguard sensitive data and ensure accountability. The convergence of hybrid work environments and cloud technologies will also necessitate re-evaluating PAM strategies, emphasizing the need for flexible yet secure access controls.
In this PodChats for FutureCISO, Phil Calvin, Chief Product Officer, Delinea, shares his views on some of CISOs' approaches when modernising PAM strategies for a security-first world.
1. How have PAM tools and strategies evolved in the last two years following hybrid work, the shift to the cloud, and more recently the heightened interest in AI, ML and automation?
2. For those that have already started to embed AI, ML and automation into their PAM strategies, what has worked and not worked?
3. Any lessons learned when it comes to integration AI and ML into existing PAM implementations?
4. What metrics should CISOs use to measure the effectiveness of their PAM solutions and practices?
5. Given the heightened interest around data privacy and protection, but disparate guidelines and frameworks, what steps should CISOs/enterprises take to ensure compliance with regional regulations concerning privileged access?
6. How can CISOs ensure that their PAM solutions are scalable as the organization grows?
7. What role does zero-trust play in PAM strategies and how do you see zero trust evolving in 2025 to PAM implementations?
8. How do you see enterprises leveraging identity governance to strengthen their PAM initiatives?
9. Our topic is modernising PAM strategies for a security-first world, what’s in store for Privilege Access Management in 2025?
As Cybersecurity Awareness Month 2024 unfolds, it is critical for organizations, especially in Asia, to emphasize the tangible business value of cybersecurity investments. With cyber threats becoming increasingly sophisticated and pervasive, cybersecurity is no longer just an IT issue; it is a fundamental aspect of business resilience and growth.
Demonstrating the return on investment (ROI) from cybersecurity initiatives can help secure ongoing support from stakeholders, drive informed decision-making, and foster a culture of security within the organization. By clearly articulating how cybersecurity investments protect assets, ensure compliance, and enhance customer trust, CISOs and CIOs can align security strategies with broader business objectives.
In this PodChats for FutureCISO, Steve Wilson, chief product officer at Exabeam, offers his take on how to demonstrate the business value of cybersecurity investments.
Key Questions for CISOs and CIOs
As we enter a new era defined by rapid advancements in generative AI, the landscape of cybersecurity is evolving at an unprecedented pace. These powerful tools, capable of creating content and automating tasks, present both opportunities and significant risks for organizations across Asia.
With the potential for misuse in generating deepfakes, phishing attacks, and automated malware, cybersecurity leaders must prioritize robust strategies to safeguard their digital environments. Emphasizing a proactive approach that includes continuous monitoring, employee training, and the implementation of AI-driven security solutions will be crucial. In this dynamic environment, fostering collaboration between technology developers and cybersecurity professionals will ensure that the benefits of generative AI are harnessed responsibly, allowing organizations to thrive while minimizing vulnerabilities.
In this PodChats for FutureCISO, Terry Ray, Data Security CTO and Fellow at Imperva, shares his perspective on how to secure the new frontier with generative AI in 2025 and beyond.
1. We’ve heard snippets of warnings. Perhaps you can elaborate more on the potential risks associated with the misuse of generative AI among organizations in Asia?
2. Can you share one or two best practices for assessing the effectiveness of existing security measures against AI-driven attacks?
3. In Asia, how do you see regulations and compliance requirements evolving concerning generative AI and data security?
4. For organisations in Asia regardless of size, what remains as key challenges with the rise of AI as a cybersecurity tool to protect against cyberattacks?
5. What are available options for organisations to ensure the integrity of data used to train generative AI models?
6. Specific to data protection strategies, what role will generative AI play in incident response plans?
7. What incident response case studies exist that highlight generative AI threats, and what can we learn from them?
8. Speaking of phishing, malwares and hyper targeting, what ethical considerations should CIOs and CISOs account for when deploying generative AI in security operations?
9. How will the adoption of generative AI affect organisations’ overall cybersecurity budget and resource allocation?
10. Any final thoughts for AI in cybersecurity in 2025?
In today's digital landscape, fostering a security-aware culture is paramount for organizations in Asia. CIOs and CISOs play a crucial role in embedding cybersecurity into the organizational ethos. This involves not only implementing robust security measures but also promoting continuous education and awareness among employees.
By cultivating an environment where security is a shared responsibility, organizations can better mitigate risks and respond effectively to threats. Encouraging open communication about security practices and integrating them into daily operations enhances resilience.
Ultimately, a proactive security culture empowers employees to act as the first line of defense against cyber threats.
In this PodChats for FutureCISO, Ben King, VP for Cybersecurity Trust & Culture at Okta shares his perspective on how to foster a security-aware culture.
Ben, welcome to PodChats for FutureCISO.
1. Where are enterprises today in Asia-Pacific, when it comes to creating and maintaining an acceptable level of security awareness among staff?
2. What, for you, is a security-aware culture?
3. Does it make sense to have a one-person and what role should leadership play in promoting a security-aware culture?
4. How do organisations measure the effectiveness of their current cybersecurity training programs?
5. What strategies have worked (not worked) to engage employees in cybersecurity awareness initiatives?
6. How can organisations integrate security awareness into onboarding for new employees? Is this a job for HR? How and at what point should CIOs and CISOs get involved?
7. What are the challenges organisations will face in fostering a security-aware culture in a diverse workforce and where hybrid workplace is the norm?
8. What best practices can we adopt from organisations that excel in security culture?
9. What metrics should organisations use to track and evaluate improvements in security-aware culture?
10. Do carrots work better than sticks when it comes to foster a sustained security-aware culture?
11. Coming into 2025, we can security to continue to take importance for all organisations and functions. What is your expectation in the development of security-aware cultures?
Cybersecurity resilience refers to an organization's ability to prepare for, respond to, and recover from cyber incidents while continuing to operate effectively. This resilience is not merely about having robust security measures in place; it also involves fostering a culture of security awareness and agility within the organization. As businesses undergo transformations—whether through digital transformation, mergers and acquisitions, or shifts in workforce dynamics—cybersecurity strategies must evolve concurrently.
The challenge lies in ensuring that security protocols do not hinder operational agility. Organizations must be able to pivot quickly in response to market demands, technological advancements, or unforeseen disruptions while maintaining a strong security posture. This balance is crucial for minimizing risks and protecting against potential cyber threats that can exploit vulnerabilities during periods of change.
Key Considerations for Achieving Cybersecurity Resilience
To navigate this complex landscape, Chief Information Security Officers (CISOs) and security professionals must consider several critical questions:
Mark Jobbins, Chief Technology Officer & Vice President, Asia Pacific & Japan, Pure Storage
1. Given us a state of the cybersecurity landscape in Asia in 2024.
2. How should a CISO define cybersecurity resilience?
a. What is agility in the context of cybersecurity from the perspective of a CISO?
3. How should CISOs assess and prioritize risks associated with rapid changes in technology or business operations?
4. What security frameworks and standards should organisations adopt to ensure compliance while remaining flexible, and without compromising agility?
5. How can organisations integrate security into their agile development processes without slowing down innovation (or creating unnecessary friction between operations, development and security teams)?
6. With the threat landscape continuing to escalate threat and both sides (attackers and defenders) having access to the same technologies, how should CISOs architect the company’s cyber resilience strategy to stay ahead of the threat?
7. Balancing agility with security during periods of significant change, as a Chief Technology Officer, can you share your views/expectations around security and resiliency in 2025?
As Cybersecurity Awareness Month 2024 unfolds, it is critical for organizations, especially in Asia, to emphasize the tangible business value of cybersecurity investments. With cyber threats becoming increasingly sophisticated and pervasive, cybersecurity is no longer just an IT issue; it is a fundamental aspect of business resilience and growth.
Demonstrating the return on investment (ROI) from cybersecurity initiatives can help secure ongoing support from stakeholders, drive informed decision-making, and foster a culture of security within the organization. By clearly articulating how cybersecurity investments protect assets, ensure compliance, and enhance customer trust, CISOs and CIOs can align security strategies with broader business objectives.
In this PodChats for FutureCISO, Steve Wilson, chief product officer at Exabeam, offers his take on how to demonstrate the business value of cybersecurity investments.
Key Questions for CISOs and CIOs
CIOs face the challenge of balancing transparency with the competitive edge of proprietary AI models. This requires a strategic approach to communicate AI practices without compromising sensitive algorithms. As global AI regulations evolve, especially in Asia, CIOs must adopt flexible compliance strategies and foster a culture of adherence to both local and international guidelines.
Choosing between custom solutions, vendor partnerships, or off-the-shelf software presents unique pros and cons. Custom solutions offer tailored benefits but require significant investment, while off-the-shelf options provide quick deployment with less flexibility. Regardless of the choice, prioritizing high-quality, unbiased data is essential for ethical AI outcomes. Implementing robust monitoring processes can mitigate biases in AI decisions. To address the talent gap, CIOs should invest in training programs and collaborate with educational institutions, ensuring their organizations possess the necessary skills to navigate the complexities of AI implementation effectively.
In this PodChats for FutureCIO, Ser Yoong Goh, head of compliance at Advance.ai Group helps us navigate the complex landscape of AI implementation.
1. How should a CIO/compliance balance the need for transparency with the competitive advantage of proprietary AI models and algorithms?
2. Given the evolving state of AI regulations and guidelines in Asia and globally, how will CIOs ensure ongoing compliance as the landscape shifts?
3. Is it better to build custom AI solutions in-house, partner with external vendors, or use off-the-shelf AI software? What are the pros and cons of each approach?
4. How are/should CIOs ensuring AI models are trained on high-quality, unbiased data that respects user privacy and data rights?
5. What processes should be in place to monitor for and mitigate unintended biases or errors in AI-driven decisions?
6. Given the pervading talent crunch/gap, how should CIOs address the need to have the right talent and skills in-house to successfully implement and manage AI systems? What works in terms of acquiring or developing this expertise in-house?
7. Mel: Can you share your views on AI guardrails?
As one of the most populous and rapidly developing nations, Indonesia faces unique sustainability challenges, from managing its natural resources to addressing social inequalities. Environmental, social, and governance (ESG) principles have become integral to the country's long-term growth and development strategy, as businesses and policymakers recognize the need to balance economic progress with environmental protection and social responsibility.
At the forefront of this movement are chief financial officers (CFOs), whose role has evolved beyond traditional financial management to encompass strategic decision-making and risk mitigation.
In Indonesia, CFOs are now expected to be sustainability champions, integrating ESG factors into their financial planning and reporting processes. This includes identifying and mitigating ESG-related risks, allocating resources towards sustainable initiatives, and communicating the company's ESG performance to stakeholders.
By aligning financial objectives with sustainability goals, Indonesian CFOs can help their organizations maintain a competitive edge, attract investment, and contribute to the country's broader sustainability agenda.
Joining us today on PodChats for FutureCFO is Yohanes Jeffry Johary, former CFO and now managing director at OCS Indonesia.
Questions:
1. Is sustainable growth a new initiative (in 2024) or something that has been a priority for many businesses in recent years? How is sustainable growth related to the other priority: cost efficiency?
2. Do you think the CFO is the best leader to drive the two goals: sustainable growth and cost efficiency? What qualifies a CFO to lead these two goals?
3. What would be the key metrics (financial and non-financial) that a CFO must focus on to drive sustainable growth and cost efficiencies?
4. How would CFOs integrate new initiatives like ESG and sustainability while driving positive sustainable growth and improving cost efficiency?
5. Name one key emerging strategy that CFOs can adopt to drive sustainable growth and cost efficiency in today's rapidly changing business environment?
The podcast currently has 412 episodes available.