Unlocking New Opportunities for Security Automation

Kirsten Davies, SVP & CISO, The Estée Lauder Companies

Business enabling and risk management focused, Davies had a unique and globally-experienced approach to Information Security, Data Privacy, IT, and Digital Transformation. Her hallmarks include transformative vision casting and strategy setting, operational and organizational excellence, and a risk-based approach to enterprise enablement. Having lived and worked on four continents, she is recognized as a thought leader in the transformation process, including refining enterprise-wide ways of working, re-envisioning and establishing organizational cadence and culture, designing and delivering dynamic talent development paths, and innovating and optimizing security processes and risk-mitigating controls.

What are some of the latest technological trends that you witness in the realm of security automation today?

Over the past few years, there is considerable traction in automation; we are trying to automate a lot of aspects across multiple industries. Today, automation is moving at a rapid pace toward a much more progressive and sophisticated model. Organizations are closely observing and identifying opportunities for automation. For example, we are working with a startup company that enables automation around events, alerts, and responses in intrusion detection systems (IDS) and intrusion prevention systems (IPS). Owing to the sheer amount of volume of events, alerts, and responses involved in IDS and IPS, it is impossible for any security analyst to handle such vast points of risk and response.

Can you elaborate on the challenges experienced while enabling security automation?

The sheer volume of startup companies in our industry poses a key challenge for CISOs to pinpoint the right kind of tools, automation, or approach that can boost security. Many companies spend considerable resources and time to sift through the innovations to verify if a vendor can fulfill its claims and scale at an enterprise level. From an operational standpoint, identifying the possibilities for automation in information security programs and aggressively pursuing those is crucial for success.

Automation around vulnerability management requires firms to build meaningful relationships with IT teams and across the business so that there is less pushback around systems patching. It also needs security stakeholders to be aware of the business processes and downstream impacts to ensure that the automation enables them to understand the business more fluidly and deeply through fruitful conversations and relationships.

Can you shed some light on the impactful project initiatives that you are currently overseeing?

As a transformational CISO, my role is to administer significant organizational transformations, such as building key program strategies and then operationalizing them. For instance, I worked at Barclays Africa Group/ABSA to manage the localizing of the cybersecurity capability during its separation from Barclays PLC. Throughout my entire career, I have been brought in to shift gears because of my ability to interact with the business and security aspects of organizations effectively. Right now, it’s a wonderful period in the history of Estee Lauder Companies to implement many robust initiatives such as driving women in technology and attracting top talent. We are also bringing in several rapid transformational shifts across our program in terms of automation and innovation in enterprise cybersecurity and risk assessment. This is a great time to be with Estee Lauder Companies and I am very proud to be a part of this family here.

What are some of the strategies that your leadership panel follows to foster a productive work culture and steer the company forward?

Currently, we run the gamut of different strategies, including attracting, developing, and retaining top talent along with undertaking a deep dive into skills and capabilities assessment across various programs in our framework. This allows me to analyze my team skills, their strengths, and where to focus on training and upliftment programs to foster a right career trajectory for them in the security arena.

I believe that there is an opportunity for every CISO to create the culture that we want our teams to thrive in. Alongside, we also discuss traditional topics around our technical capabilities and challenges and are always on the lookout for opportunities for automation, rapid maturity, synthesis, and orchestration. Another significant point of attention at Estee Lauder Companies is around our supply chain, R&D, brands, mergers and acquisitions (M&A) activities, corporate strategy, and the mapping of security to our current as well as future growth trajectory.

How do you envision the evolution of security automation in the future?

The security automation arena has the potential to be enormously disruptive, and the industry will continue to catalyze those developments at speed, required to meet and deliver evolving business demands. Long gone are the days when more people were assigned to solve problems, owing to the scarcity of talent globally in cybersecurity. Now, CISOs and directors of security operations must embrace avenues of automation, innovation, and creative thinking, at the pace demanded to transform the industry as a whole.

I believe that there is a tremendous opportunity for us to share knowledge, experience, and actionable intelligence with one another. It is going to be a real game-changer, as many of us face the same challenges, ranging from IOCs and TTP to active risk conversations with executive leadership, business sponsors, or colleagues along the full spectrum. We can trigger a transformational shift in the industry not just around automation and innovation, but also through partnerships and sharing of intelligence, and best practices.

What is the critical piece of advice you would like to impart to fellow and aspiring information security professionals?

I like to encourage other CISOs to look for talent in unusual places because it can build out and broaden the capability of their entire program. Incorporating people with generational diversity, gender diversity, nationality diversity, and color diversity on the team can be an absolute game-changer. If your organization includes people from multiple backgrounds such as business, communication, or marketing, then you can usher in a broad, diverse set of talent and viewpoints on your program. In addition, building a programmatic capability across your broader organization is crucial to ensure that everybody in the team is heading in the same direction, toward a more secure and risk mitigated environment.
