Arun DeSouza is currently Chief Information Security & Privacy Officer at Nexteer Automotive Corporation. He has extensive global IT and security leadership and organizational transformation experience including as CISO and CIO. Arun’s areas of expertise include strategic planning, risk management, identity management, cloud computing and privacy. His current interests include the Internet of Things (IoT), Blockchain, Zero Trust, Software Defined Perimeter & Self-Sovereign Identity.
Arun earned Master’s and PhD degrees from Vanderbilt University. He is a Certified Information Systems Security Professional (CISSP) and has earned the Certificate of Cloud Security Knowledge (CCSK) certification. He was honored by the 1st Global Cyber Observatory by induction into the CISO Hall of Fame in September 2019. He has won multiple other industry honors including CISO of the Week, CSO50 Award, Computerworld Premier 100 IT Leaders Award, CIO Ones to Watch Award and the Network World Enterprise All Star Award. He is a member of the Society for Information Management and the International Association of Privacy Professionals.
Episode transcription:
Can you please tell us about yourself and your role within the organization?
I am the Chief Information Security & Privacy Officer (CISO & CPO in common parlance). I pioneered an integrated global InfoSec & Privacy program, developed a long-range strategic roadmap linked to business objectives and built a strong team from the ground-up. I am responsible for delivery of a wide variety of services including but not limited to:
- Strategic Planning
- Identity & Access Management
- Incident Management
- Privacy Management
- Risk Management
- Governance & Standards
- Security Operations
- Training & Awareness
AI, ML, RPA and other advanced technologies are reinventing Information Technology as a whole. How do you think these trends will impact your industry from an innovation standpoint and what are your thoughts on best strategies to adopt such technologies securely?
These technologies can help enhance efficiency and productivity by reengineering and automating business processes on the manufacturing floor. For example, on the factory floor in support of the digital factory, they can help reduce cycle time and deliver predictive analytics to enhance equipment reliability. In the cybersecurity arena, AI & ML can help strengthen cybersecurity defenses by adding a new embedded layer to the security architecture, which can enact real-time adaptive control strategies.
The following guiding principles can help CISOs balance security and innovation resultant from these game-changing technologies:
- Business Partnership: Work with the business and the CIO to pro-actively align priorities, assess risk and implement appropriate administrative, physical and technical safeguards.
- Convergence: Deploy a layered security architecture integrating data and applications. Unify data management with identity and access management to foster innovation and protect security and privacy.
- Change Management: Drive and manage change in concert with IT and business leaders to leverage synergy and avoid gaps in stakeholder expectation. Adopt a proactive approach to IT change to foster innovation while balancing security and privacy.
- Strategic Planning: Build a cybersecurity strategic plan with clear targets and strategic goals supporting business objectives.
What initiatives/strategies have you implemented that contribute to building and fostering a culture of federation at your company?
- Focus on relationship management
- Establish an Information Security & Privacy Council with business executives
- Build out a federation / network of cross-functional agents across IT and the business
- Meet bi-weekly to review key initiatives, progress to plan and resolve issues
- Serve as an ambassador and attend business departmental meetings to share priorities
What ideas and trends that excite you th