ネットスコープは2024年Gartner®社のセキュリティ・サービス・エッジ(SSE)のマジック・クアドラントでリーダーの1社として評価されました。 レポートを読む

閉める
閉める
  • Netskopeが選ばれる理由 シェブロン

    ネットワークとセキュリティの連携方法を変える。

  • 導入企業 シェブロン

    Netskope は世界中で 3,000 を超える顧客にサービスを提供しており、その中にはフォーチュン 100 企業の 25 以上が含まれます

  • パートナー シェブロン

    私たちはセキュリティリーダーと提携して、クラウドへの旅を保護します。

実行能力とビジョンの完全性において
最上位の評価

ネットスコープが2024年Gartner®社のセキュリティ・サービス・エッジ(SSE)のマジック・クアドラントで3年連続リーダーの1社として評価された理由をご覧ください。

レポートを読む
Netskope、2024年ガートナー®マジッククアドラント™セキュリティサービスエッジ部門でリーダーに選出 メニューのグラフィック
私たちは、お客様が何にでも備えることができるように支援します

お客様について
窓の外を見て微笑むメガネをかけた女性
Netskopeのパートナー中心の市場開拓戦略により、パートナーは企業のセキュリティを変革しながら、成長と収益性を最大化できます。

Netskope パートナーについて学ぶ
色々な若い専門家が集う笑顔のグループ
明日に向けたネットワーク

サポートするアプリケーションとユーザー向けに設計された、より高速で、より安全で、回復力のあるネットワークへの道を計画します。

ホワイトペーパーはこちら
明日に向けたネットワーク
Netskope One プラットフォームの紹介

Netskope One は、SASE とゼロトラスト変革を可能にする統合型セキュリティおよびネットワーキング サービスを提供するクラウドネイティブ プラットフォームです。

Netskope One について学ぶ
青い照明の抽象画
セキュアアクセスサービスエッジ(SASE)アーキテクチャの採用

Netskope NewEdgeは、世界最大かつ最高のパフォーマンスのセキュリティプライベートクラウドであり、比類のないサービスカバレッジ、パフォーマンス、および回復力を顧客に提供します。

NewEdgeの詳細
NewEdge
Netskope Cloud Exchange

Netskope Cloud Exchange (CE) は、セキュリティポスチャに対する投資を活用するための強力な統合ツールを提供します。

Cloud Exchangeについて学ぶ
Netskopeの動画
  • セキュリティサービスエッジ製品 シェブロン

    高度なクラウド対応の脅威から保護し、あらゆるベクトルにわたってデータを保護

  • Borderless SD-WAN シェブロン

    すべてのリモートユーザー、デバイス、サイト、クラウドへ安全で高性能なアクセスを提供

  • Secure Access Service Edge シェブロン

    Netskope One SASE は、クラウドネイティブで完全に統合された単一ベンダーの SASE ソリューションを提供します。

未来のプラットフォームはNetskopeです

インテリジェントセキュリティサービスエッジ(SSE)、クラウドアクセスセキュリティブローカー(CASB)、クラウドファイアウォール、セキュアウェブゲートウェイ(SWG)、およびZTNAのプライベートアクセスは、単一のソリューションにネイティブに組み込まれており、セキュアアクセスサービスエッジ(SASE)アーキテクチャへの道のりですべてのビジネスを支援します。

製品概要はこちら
Netskopeの動画
Next Gen SASE Branch はハイブリッドである:接続、保護、自動化

Netskope Next Gen SASE Branchは、コンテキストアウェアSASEファブリック、ゼロトラストハイブリッドセキュリティ、 SkopeAI-Powered Cloud Orchestrator を統合クラウド製品に統合し、ボーダレスエンタープライズ向けに完全に最新化されたブランチエクスペリエンスを実現します。

Next Gen SASE Branchの詳細はこちら
オープンスペースオフィスの様子
SASEアーキテクチャの設計 For Dummies

SASE設計について網羅した電子書籍を無償でダウンロード

電子書籍を入手する
最小の遅延と高い信頼性を備えた、市場をリードするクラウドセキュリティサービスに移行します。

NewEdgeの詳細
山腹のスイッチバックを通るライトアップされた高速道路
アプリケーションのアクセス制御、リアルタイムのユーザーコーチング、クラス最高のデータ保護により、生成型AIアプリケーションを安全に使用できるようにします。

生成AIの使用を保護する方法を学ぶ
ChatGPTと生成AIを安全に有効にする
SSEおよびSASE展開のためのゼロトラストソリューション

ゼロトラストについて学ぶ
大海原を走るボート
NetskopeがFedRAMPの高認証を達成

政府機関の変革を加速するには、Netskope GovCloud を選択してください。

Netskope GovCloud について学ぶ
Netskope GovCloud
  • リソース シェブロン

    クラウドへ安全に移行する上でNetskopeがどのように役立つかについての詳細は、以下をご覧ください。

  • ブログ シェブロン

    Netskope がセキュリティ サービス エッジ (SSE) を通じてセキュリティとネットワークの変革を実現する方法を学びます

  • イベント&ワークショップ シェブロン

    最新のセキュリティトレンドを先取りし、仲間とつながりましょう。

  • 定義されたセキュリティ シェブロン

    サイバーセキュリティ百科事典、知っておくべきすべてのこと

「セキュリティビジョナリー」ポッドキャスト

ゼロトラストと国家安全保障の交差点
On the latest episode of Security Visionaries, co-hosts Max Havey and Emily Wearmouth sit down for a conversation with guest Chase Cunningham (AKA Dr. Zero Trust) about zero trust and national security.

ポッドキャストを再生する
ゼロトラストと国家安全保障の交差点
最新のブログ

Netskope がセキュリティ サービス エッジ (SSE) 機能を通じてゼロ トラストと SASE の導入をどのように実現できるかをご覧ください。

ブログを読む
日の出と曇り空
SASE Week 2023年:SASEの旅が今始まります!

第4回 SASE Weekのリプレイセッション。

セッションの詳細
SASE Week 2023
SASEとは

クラウド優位の今日のビジネスモデルにおいて、ネットワークとセキュリティツールの今後の融合について学びます。

SASEについて学ぶ
  • 会社概要 シェブロン

    クラウド、データ、ネットワークセキュリティの課題に対して一歩先を行くサポートを提供

  • リーダーシップ シェブロン

    Netskopeの経営陣はお客様を成功に導くために全力を尽くしています。

  • カスタマーソリューション シェブロン

    お客様の成功のために、Netskopeはあらゆるステップを支援いたします。

  • トレーニングと認定 シェブロン

    Netskopeのトレーニングで、クラウドセキュリティのスキルを学ぶ

データセキュリティによる持続可能性のサポート

Netskope は、持続可能性における民間企業の役割についての認識を高めることを目的としたイニシアチブである「ビジョン2045」に参加できることを誇りに思っています。

詳しくはこちら
データセキュリティによる持続可能性のサポート
思想家、建築家、夢想家、革新者。 一緒に、私たちはお客様がデータと人々を保護するのを助けるために最先端のクラウドセキュリティソリューションを提供します。

当社のチーム紹介
雪山を登るハイカーのグループ
Netskopeの有能で経験豊富なプロフェッショナルサービスチームは、実装を成功させるための規範的なアプローチを提供します。

プロフェッショナルサービスについて学ぶ
Netskopeプロフェッショナルサービス
Netskopeトレーニングで、デジタルトランスフォーメーションの旅を保護し、クラウド、ウェブ、プライベートアプリケーションを最大限に活用してください。

トレーニングと認定資格について学ぶ
働く若い専門家のグループ
サムネイルを投稿

このエピソードでは、NetskopeのCXOアドバイザーであるJoe Topinkaへのインタビューを特集しています。 Joe は、メンター、著者、講演者、CIO であり、IT 組織を率いてビジネスの成果を上げてきた 35 年以上の経験があります。 彼は、ITリーダーが組織で成功を収めるのを支援することを目的としたコンサルティング会社であるCIOメンターの創設者です。

このエピソードでは、Mike が Joe と座って、エンタープライズ リスク管理、ビジネス ユニットとの関係の促進、人力によるフレームワークについて説明します。

エンタープライズリスク管理プログラムを持つことは本当に巨大だと思います。 それが正式であろうとなかろうと、誰かが全体的なリスクに責任を負わなければなりません。 これは、チームスポーツであり、誰もが果たすべき役割を持っているという考え、特にクラウドプラットフォームで独自に意思決定を行っているビジネスユニットのリーダーであるというこの全体的な考えに到達します。 彼らはその上で大きな役割を果たしています。

—ジョー・トピンカ、NetskopeのCXOアドバイザー
ジョー・トピンカ

 

タイムスタンプ

*(02:53) - ジョーのCIOへの道のり*(29:42) - エンタープライズリスク管理プログラムの重要性
*(11:07) - Joe がビジネス管理をセキュリティに変換する方法について人々にアドバイスする方法*(37:35) - 2030ゴーグル
*(15:52) - Joe の新しい CIO の頭字語*(41:13) - クイックヒット
*(20:25) - マイクとジョーがセキュリティのビジネス関係の側面について話し合う

 

以下プラットフォームからも聴くことができます:

グリーンプラス

本エピソードの出演者

ジョー・トピンカ
CXOアドバイザー at Netskope

シェブロン

ジョー・トピンカ

Joe Topinkaは、先見の明のある最高情報責任者、メンター、著者、講演者であり、IT組織を有意義なビジネス成果を推進するために35年以上にわたって向上させ、主導してきた成功を収めています。 彼は、説明責任、誠実さ、一貫性に基づいて忠実で高性能なチームを構築する情熱的なメンターです。 ジョーは、3つの別々のエンティティからCIOオブザイヤーを3回受賞しています。

CIO Mentor, LLCの創設者として、ジョーは専門知識と力強いリーダーシップスタイルを活用して、企業がテクノロジーの力を獲得して利益主導のビジネス成果を達成できるように導きます。 彼は15年以上にわたり、ビジネスの利害関係者とIT組織の間に架け橋となる成功した方法論を適用し、チームを競争に合わせる人力のプラットフォームを確立してきました。 また、ITリーダーに企業関係の変革、適切なテクノロジーの活用、投資の優先順位付けについても指導しています。

ジョーは熟練した作家であり、頻繁に基調講演を行っています。 彼のベストセラーの本、 ITビジネスパートナーシップ:フィールドガイド、CIOのトップ10の読み物に選ばれました。

以前は、高品質のオーディオ/ビジュアル製品の急成長中の製造および販売業者であるSnap AVのCIOを務めていました。 さらに、マルチチャネルコマース担当バイスプレジデントおよびRed Wing Shoe CompanyのCIOを務め、包括的なビジネス機能を提供し、信頼性が高く洞察に満ちたビジネスインサイトを提供し、組織内のITの評判を大幅に高めるITビジネスパートナープログラムを実装することで組織を変革しました。

キャリアの初期には、McGladreyの最初のCIOを務め、同社の最大の事業部門に新しいITプラットフォームを導入し、企業全体の文化的変革のための主要なイニシアチブを主導しました。 彼は、CIOとして、新しい小売クリアランスおよび決済業務のためのバンクオブニューヨークのIT機能を確立するために採用され、会社のeビジネス戦略を開発し、B2B eコマース機能を実装しました。

マイク・アンダーソン
最高デジタル情報責任者、Netskope

シェブロン

マイク・アンダーソン

マイク・アンダーソンは、Netskopeの最高デジタルおよび情報責任者を務めています。 過去25年間、営業、運用、事業開発、情報技術など、さまざまな分野で高性能チームを構築し、主導してきました。 フォーチュン500に名を連ねる世界的な企業であるSchneider Electricから Netskope に入社し、北米のSVP、CIO、デジタルリーダーを務めました。 2020年、Constellation Researchから、組織内でビジネス変革の取り組みを主導しているトップグローバルエグゼクティブを表彰するエリートリストであるビジネストランスフォーメーション150のメンバーに指名されました。 全米ダイバーシティ評議会はまた、2020年と2021年にダイバーシティとインクルージョンの分野でトップ50のCIOとして同氏を認めています。 Schneider Electricエレクトリックの前は、CROSSMARKのCIOを務め、40,000人の従業員サービスプロバイダーのビジネス機能を小売および消費財業界にデジタル変革しました。 また、マイクロソフトの合弁会社であるEnterprise Mobileでエグゼクティブリーダーシップの役割を果たし、現在はHoneywell、Insight、Software Spectrum、および1999年に共同設立したWebサービスのパイオニアであるInVergeの一部となっています。 マイクは、数多くのテクノロジーおよび業界の諮問委員会に所属し、メンタルヘルスと自殺予防に焦点を当てた非営利団体、および科学、技術、工学、数学の将来の労働力の開発に役立つ非営利団体と協力してボランティアをしています。

ジョー・トピンカ

Joe Topinkaは、先見の明のある最高情報責任者、メンター、著者、講演者であり、IT組織を有意義なビジネス成果を推進するために35年以上にわたって向上させ、主導してきた成功を収めています。 彼は、説明責任、誠実さ、一貫性に基づいて忠実で高性能なチームを構築する情熱的なメンターです。 ジョーは、3つの別々のエンティティからCIOオブザイヤーを3回受賞しています。

CIO Mentor, LLCの創設者として、ジョーは専門知識と力強いリーダーシップスタイルを活用して、企業がテクノロジーの力を獲得して利益主導のビジネス成果を達成できるように導きます。 彼は15年以上にわたり、ビジネスの利害関係者とIT組織の間に架け橋となる成功した方法論を適用し、チームを競争に合わせる人力のプラットフォームを確立してきました。 また、ITリーダーに企業関係の変革、適切なテクノロジーの活用、投資の優先順位付けについても指導しています。

ジョーは熟練した作家であり、頻繁に基調講演を行っています。 彼のベストセラーの本、 ITビジネスパートナーシップ:フィールドガイド、CIOのトップ10の読み物に選ばれました。

以前は、高品質のオーディオ/ビジュアル製品の急成長中の製造および販売業者であるSnap AVのCIOを務めていました。 さらに、マルチチャネルコマース担当バイスプレジデントおよびRed Wing Shoe CompanyのCIOを務め、包括的なビジネス機能を提供し、信頼性が高く洞察に満ちたビジネスインサイトを提供し、組織内のITの評判を大幅に高めるITビジネスパートナープログラムを実装することで組織を変革しました。

キャリアの初期には、McGladreyの最初のCIOを務め、同社の最大の事業部門に新しいITプラットフォームを導入し、企業全体の文化的変革のための主要なイニシアチブを主導しました。 彼は、CIOとして、新しい小売クリアランスおよび決済業務のためのバンクオブニューヨークのIT機能を確立するために採用され、会社のeビジネス戦略を開発し、B2B eコマース機能を実装しました。

マイク・アンダーソン

マイク・アンダーソンは、Netskopeの最高デジタルおよび情報責任者を務めています。 過去25年間、営業、運用、事業開発、情報技術など、さまざまな分野で高性能チームを構築し、主導してきました。 フォーチュン500に名を連ねる世界的な企業であるSchneider Electricから Netskope に入社し、北米のSVP、CIO、デジタルリーダーを務めました。 2020年、Constellation Researchから、組織内でビジネス変革の取り組みを主導しているトップグローバルエグゼクティブを表彰するエリートリストであるビジネストランスフォーメーション150のメンバーに指名されました。 全米ダイバーシティ評議会はまた、2020年と2021年にダイバーシティとインクルージョンの分野でトップ50のCIOとして同氏を認めています。 Schneider Electricエレクトリックの前は、CROSSMARKのCIOを務め、40,000人の従業員サービスプロバイダーのビジネス機能を小売および消費財業界にデジタル変革しました。 また、マイクロソフトの合弁会社であるEnterprise Mobileでエグゼクティブリーダーシップの役割を果たし、現在はHoneywell、Insight、Software Spectrum、および1999年に共同設立したWebサービスのパイオニアであるInVergeの一部となっています。 マイクは、数多くのテクノロジーおよび業界の諮問委員会に所属し、メンタルヘルスと自殺予防に焦点を当てた非営利団体、および科学、技術、工学、数学の将来の労働力の開発に役立つ非営利団体と協力してボランティアをしています。

エピソードのトランスクリプト

トランスクリプトをオープン

Joe Topinka: I think having an enterprise risk management program is really huge, whether it's formal or not, somebody has to be responsible for risk overall, that it gets to this whole idea that it is a team sport and everyone has a role to play, especially business unit leaders that are making decisions on cloud platforms on their own. They're playing a huge role on there. The idea around cybersecurity several years ago wasn't quite where it is now, but the enterprise risk management team has done a really solid effort of elevating the dialog and giving everyone more cognitive and aware that cybersecurity is not just an IT thing, it's a company thing, and it fits into the whole cyber security framework overall.

Speaker 2: Hello and welcome to Security Visionaries. You just heard from today's guest, Joe Topinka, CXO Advisor at Netskope. The responsibility of cybersecurity doesn't only fall on the shoulders of that team, it takes all of us working together. Getting folks on board with security begins by fostering relationships across the organization, particularly with IT and business unit leaders. This allows folks to have vulnerable conversations that ultimately help the organization grow. Before we dive into Joe's interview, here's a brief word from our sponsor.

Speaker 2: The Security Visionaries podcast is powered by the team at Netskope. At Netskope, we are redefining cloud, data and network security with a platform that provides optimized access and zero trust security for people, devices, and data anywhere they go. To learn more about how Netskope helps customers be ready for anything on their sassy journey, visit N-E-T-S-K-O-P-E.com.

Speaker 2: Without further ado, please enjoy episode 18 of Security Visionaries with Joe Topinka, CXO Advisor at Netskope and your host, Mike Anderson.

Mike Anderson: Welcome to today's episode of Security Visionaries podcast. I'm your host, Mike Anderson. I'm the Chief Digital and Information Officer here at Netskope. Today I am joined by Joe Topinka. Joe, how are you doing today?

Joe Topinka: I'm doing well. Well, better, I should say, I'm on my 11th day of COVID, hopefully coming out of it, I tested positive again today, but there's always another day tomorrow, but doing well, thanks for asking. And thanks for having me on the podcast.

Mike Anderson: Absolutely, I'm glad you're getting back into it, hopefully you'll get that negative test soon so you can get out of quarantine. I know that's never fun.

Joe Topinka: Not at all. Not at all.

Mike Anderson: So one of the things, it's interesting is we... Before we get into this, Joe, you and I met several years ago. I had this habit of when I read a book I really love, I like to reach out to the author and connect, and I did that, and you and I instantly had a great... Some great conversations. I brought you in to talk to the team when I was the CIO with Schneider Electric for the North America business. And you and I have remained friends since then, and so it's just... It's real privilege to have you on here, and especially with just your insight in the industry being a super successful CIO and a mentor to CIOs around the world. So maybe just we start the conversation off me, just talk about your journey and being a CIO and how that came about, and some of the learnings along the way.

Joe Topinka: Sounds good. Well, again, thanks for having me on and it's an absolute pleasure to be with you today and also to be working with you here over the last year or so. My career started many, many years ago in the mid-19... Well, late 1980s... Not '80s. 1970s, early 1980s, there we go. See, that's what happens when you get COVID. And I started off as a software engineer. I thought I would never wanna do anything else but write code. And I did that for a large financial institution, actually it's now FIS, so I spent many years there building software. And I was really fortunate, Mike, in that, our leadership team at the time had a different vision around technology, and since they were surrounded by technologists, they really wanted us to start thinking more like business people, business technologists. And so they sent us to a tailored program, they sent us to Northwestern and we learned about product management, this is in probably 1990s or so. And I was just so fortunate to have gotten introduced to the idea of thinking about my area of business like a business person and not a technologist. And so I started thinking about markets and customers and value proposition and things that were, in my past life, pretty foreign to me, and I just really glommed on to it, and one thing led to another, and I got my first CIO opportunity with the bank in New York in Manhattan.

Joe Topinka: And it was just so game-changing for me, so much fun. And the learnings that I was able to acquire through that experience with my colleagues at Northwestern was just absolutely amazing. I still speak to some of them today. But it was a real eye-opening experience and I've never looked back.

Mike Anderson: That's amazing, the whole business relationship piece, your book around IT, business partnerships and your... How you foster that. Fits perfectly, honestly, with our theme this year around security as a team sport, is technology is a team sport. So what made you say, you know what? I'm gonna write this book and share my thoughts. Talk a little bit about that and the role you've got in the Business Relationship Management Institute, I think it'd be great just for our listeners to hear about.

Joe Topinka: Sure, one of the things that I learned early on in my career is this value of networking and interacting and learning and meeting other people and hearing their stories, finding out what their issues and challenges are. There's so many common themes out there and learning from one another there's nothing better than that. And as I started to develop some techniques around the ideas that I ultimately incorporated into the book, I had a number of people ask me to share them. And so I started doing that and doing some informal coaching kind of my side hustle in a way. And it just grew from there, and a number of people asked me to write about it, and I started doing some articles on LinkedIn early in the early days on LinkedIn. Got some good traction there, and I got this bright idea, I actually didn't get that idea from myself, I got it from other people, my wife in particular, who said you should really put a book together around this, which I thought was ludicrous, like who would ever wanna read a book that I wrote?

Joe Topinka: But that's ultimately what I ended up doing. So I wrote a book on my own experiences, largely coming from the opportunity that I was given at FIS, which was called M&I Data Services at the time. And I learned to share that knowledge about how to run IT like a business, think about it, your product area as a true product, meeting with customers. It's really around relationships and understanding those relationships, especially customer relationships, and seeing how they interact with your company, where the roadblocks are and how they're engaging or not engaging, those are all clues to how you can strengthen the relationship, knock down barriers. And I started to think about how can I, as a CIO, make that a more repeatable process within the organizations that I was leading, and that's what ultimately lead to the book and to the stories that I wrote in the book. Most of those stories are... In fact all those stories are true stories.

Joe Topinka: Many of the names were changed to protect the innocent, and not all the stories I told in the book were perfect. A lot of my learnings have come from mistakes that I've made, and I wanted to share those mistakes and how I course corrected and just share those ideas to help people avoid them, if possible. Obviously making mistakes sometimes is one of the best teachers, assuming you're willing to look at your mistakes with a good self-reflection and honesty.

Mike Anderson: No, I totally agree. You shifted now into the CIO mentors, kinda then the shift, kinda the post-CIO journey now for you. Talk a little bit about that move, and then also when you do that, that advising people, how have you taken and continued to foster that sharing and that thinking and the learnings with others?

Joe Topinka: One of the things that I was taught as a young child, my parents sort of drove into us the idea that each of us has our own value we bring. They were very good about not letting us sort of judge other people. We had seven kids in the family, a mom and dad, so there were nine of us, and dinner was always a fun experience. And four of us, we're brothers, we're all big guys, I'm 6'7" and my brothers are well over six feet tall as well, and I remember there'd be a column of bread there, and then my mom would put it down in about two seconds later, there would be no bread left, 'cause everybody would grab as much as they could. But we learned respect, we learned how to have relationships, we learned how to listen. And those life lessons carried through for me. And I think one of the challenges that I see in the marketplace today is that we're releasing people into the wild as professionals and we don't really spend a whole lot of time on how to teach people how to have good relationships and how to have good self-reflection in terms of your own performance.

Joe Topinka: And so I started thinking about how I can share those ideas and concepts with people, how to have good personal accountability, how to think about yourself and your own performance with honest vision and eyes, clear eyes. And so one thing led to another and that's... I had some good success with that and it helped some people become CIOs, had good traction with it, and I just really enjoy it. It's one of those things that just never stopped giving back, and so I'm just sort of addicted to it and in my late 60s, and I have no intention of stopping. I really love this stuff. And I love helping people. It's just a phenomenal experience. And you asked about the Business Relationship Management Institute. When I wrote my book and released it, the institute was just coming online, I didn't know anything about them, and somehow or another, they discovered my book and reached out to me, much like you did, one thing led to another, and they asked me to participate. I joined some committees, I started listening to what they were up to and one thing led another and now I've been in the board chair for the last four or five years, and I've enjoyed it.

Joe Topinka: There's probably 30,000 members worldwide now. They're looking at, I think, crossing a pretty big threshold here soon with 10,000 certified business relationship management professionals. So we're pretty excited about that. So we're watching to see who that person is, and it's a big celebration online when that happens, so it's a great organization. Had a lot of fun with it, and COVID has been a real challenge for a lot of organizations, especially not-for-profits, with the ability to actually do in-person conferences has been sort of a real challenge. But for many of us, we're still making it, still active and people are still coming to our doors and so it's been a lot of fun. And they're all about the same sorts of things: Relationships and people and driving value, and a lot of common themes. So a lot of overlap. If you're looking at a Venn diagram between my book and the institute, there's a lot of common ground there.

Mike Anderson: Well, I know I got a ton of value out. You and I have had a lot of conversations around some of the concepts and agility and how those have come forward, and we can maybe have a whole podcast on that topic on another day. So if we shift our thinking and we come over to security, I can't help but look at the relationship aspect from a security standpoint, and how security leaders need to foster those same kind of relationships, just like all IT leaders have, all technology leaders have, security needs to do the same thing. How have you translated as you... 'Cause you've been directly involved in security now for the last couple of years, how are you advising people on how you take the things from a business relationship management side and IT business partnership side into the security world?

Joe Topinka: That's a great question. And what I'm leaning on are the same principles. There is a trend that I'm seeing where really successful chief information security officers that I've interacted with are starting to think about how they can enhance their business knowledge. So they're beginning to meet more frequently with business leaders around the organization, and in some cases, I see the meeting with external customers, which to me is the holy grail. As a CIO I can't emphasize how important it is, but even as a chief information security officer or any sort of security professional, understanding your customers and how they engage, keeping in mind that you wanna keep their data private and secure, that's your personal brand, that's your company's brand. So just getting that knowledge that helps you to build more effective security programs. And I would add to that the incredibly widening fast speed that we see CORD adoption happening in organizations.

Joe Topinka: We were talking about that 10 years ago, and it was fun to sort of discuss that at every technology professional conference you'd ever go to, that was the topic to your [0:12:18.8] ____... You don't hear about it as much, but what I see now are digital natives coming into the business, and these are people that grew up with an iPad in their hand, so they're completely comfortable with technology. They may not understand all the inner workings like we do as lifetime career IT pros, but they're not afraid to leverage technology, they're not afraid to go grab salesforce.com or any other platform that they think is gonna add value and deliver the right results for them. The thing that I've been really focused in on is helping those business leaders understand that when they go out on their own, we used to talk about shadow IT, I don't hear about that so much anymore largely because the cloud has given rise to the option now. It's very viable for a business unit to go out on their own and procure a platform.

Joe Topinka: I've been working with a number of companies to expand the knowledge of that business leader, to know that they now have a new set of responsibilities that comes along with that cloud platform they just procured. They're now the business owner, they've gotta think about how to secure the data, they gotta make sure their vendors are toeing the line in terms of security protocols, and if there are cyber events they gotta be on top of those and know about them. And so there's a whole set of responsibilities that I've been talking about with those business leaders, and it's been very eye-opening. And in some ways, I think that's the true digital transformation that we're living through right now. It's more around how business leaders are starting to think about cyber security and technology, and it's becoming part of their lexicon. I think it's becoming something that is... Well, it's not optional, they have to understand it, one way or the other, security is not part of the business, and so it's no longer throw it over the wall to the technology group of data analytics now. We, as a business community, have to understand the cyber security aspects of whatever solution we're undertaking and make sure that that vendor is toeing the line, and there's an accountability framework there. So I'm seeing a lot of that, I'm having really good conversations around that in the marketplace. So those are some of the things that I'm seeing and hearing.

Mike Anderson: Yeah man, I think it's a great point. We call it shadow IT, and I've been re-framing that in a lot of our... Some of the things we're writing is really business-led IT. I was with Ryan Talbott over at BorgWarner and he was telling me his CEO told him, he said, "Stop trying to control it and start figuring out how to enable and support it." I think that's the mindset shift we have to get to is technology leaders is our job is not to control it, our job is to help it grow and flourish because in today it's the people closest to the problem are those digital natives now, and they're the best people equipped to solve it, how do we create the right framework and the right... Our own technology mesh inside of our organization so that we can do it, but do it in a safe and secure way.

Joe Topinka: Yeah, absolutely. Gartner last year had published like they do every year, so one of their top 10 or 15 cybersecurity projections or forecasted items. And one of those aspects is just the distributed decision making. And I think it goes right to the heart of this where with cloud and digital natives now running big parts of businesses, you're gonna see less central control over business applications. And so having the right cybersecurity architecture and framework in place and finding the right partners is crucial. And there's another aspect of this that I've been harping on for the last several years, and I think back to Gartner's old design, build, run model, I've kind of reinvented that. I call it the new CIO, and that stands for collaborate, integrate, and orchestrate.

Joe Topinka: So collaborate means with all these cloud platforms that are out there, it's incumbent on you as a business professional to understand those platforms, who's out in the market, who might be able to help you, who might help drive value, and as you select those platforms and you integrate them into your environment, you're not only integrating them, but you're pulling information out of them, you're making them run seamlessly. So there's the collaborate part with cloud and vendor partners, cybersecurity partners, they're integrating it into your environment, making the information available and useful. And then the third leg is orchestrate, making sure the platform runs and that there is oversight and management of that platform on an ongoing basis. So I call that collaborate, integrate, orchestrate instead of design, build, run. And that sort of embodies this whole idea of cloud and how we're doing much more collaboration. And there's a lot more vendor partners in the mix, and finding the right vendor partner is absolutely paramount in your thinking, and that's a new skillset or an enhanced skill set, I think, that has really become critically important for business leaders to know how to manage that vendor partner, select the vendor partner, and work with that vendor partner as you're looking to deliver value and keep your environments secure overall.

Mike Anderson: No, I couldn't agree more. It's unfortunate because I use my own technology, our own technology internally, but what I love is, you know what, I can pull up a dashboard and a new application comes in, and I can simply ask up the question to someone, what problem are you trying to solve? I'm not trying to stop him, I just want to know what problem they're trying to solve, because if they've got that problem, there's probably a 100 other people that have that same problem, or we may already have licenses to the tool they're looking to use, or we may already have licenses to a similar tool. And we can have a conversation about that and see if they looked at it, do they not know about it, because I think we always assume, as IT practitioners, that we publish a catalog and voila, everyone knows all the apps we've got available, but unfortunately, the world doesn't work that way.

Joe Topinka: That's right. Yeah, there's a term I've created too to help IT organizations talk about the platforms that they actually manage and own and operate, and oftentimes I find a business unit leader who's procured that cloud platform, gets themselves into trouble and they ask IT for help. So I created this notion of advocated systems, so those are sanctioned platforms that are owned by the IT organization website, and the company has approved those platforms and asked IT to provide those services on an ongoing basis.

Joe Topinka: So when a business unit leader does something out on their own, that's not necessarily an advocated platform. It could become one, especially if you look at all aspects of managing it, and oftentimes, business unit leaders don't really wanna, ultimately, at the end of the day, manage the vendor or experts at that in IT, and I see that transition happening in some instances now where a business unit leader went out on their own, procured a platform and now is asking IT to pick up at least some aspects of it from a cybersecurity operating platform perspective as well as just managing the vendor relationship. So that advocated system language has become useful because it's given IT a way to describe and talk about what platforms they're actually sanctioned to support, and it gives them an opportunity to talk about taking new things on in addition to what they've been asked to do in a business-oriented way versus just feeling like the business units are just dumping new things on top of them, and every time you turn around.

Mike Anderson: Yeah, that's a great one. Often times it happens where the person that actually was managing that platform, that business unit, leaves and goes somewhere else, and then they're like, "I don't know how to operate this thing. Who's gonna take over it now?" Unfortunately, that's a lot for... That's been a lot of my experience in, is that that's when that conversation tends to happen. But I've always said, "Hey, I'd be happy to support it as long as the budget to support it comes with it." Because [chuckle] we don't have endless resources on either side of the house.

Joe Topinka: No, and that's precisely it, I think. That's part of the transformation that happens, sometimes in real time, when you run into those situations where someone's kind of at their wit's end with a vendor partner that either they're having trouble with, or there was a cyber incident or something along those lines where they're just over their skis, don't really know what to do and they come back to IT. And that's when you reach out and grab their hand and say, "All right, let's figure this out together." That's part of working in a cross-team, cross-collaborative way.

Mike Anderson: Totally agree. I think back about something you said earlier in talking about the understanding of the business. And I think as CIOs, we've been orienting ourself for that way. Now it's really become like, if you're not doing that, you're probably not gonna be in the seat very long, 'cause you gotta know the business you're in in order to know how to directly align what you need to be doing. And not just align, but integrate into it and be that advocate.

Joe Topinka: That's right. Yeah, at the end of the day, the company's goals and objectives are everyone's goals and objectives. And so to the extent you can help contribute to achieving them while doing it with operating efficiency and security, then all the better. And that's the thing I think some business leaders are beginning to see, is that IT isn't necessarily a bad thing. [chuckle] We actually do add a lot of value. There's still a fair amount of ground to cover before I'd say we're to a point where that's universally true, but I think just the nature of the world and the cloud environments that we have, I think that's accelerating. And I think it's a good thing overall.

Mike Anderson: For me, it's always been you spend the first 90 days not just learning your team, but more importantly, learning the business you're in. Because I think one of the traps that all technology leaders fall into CIOs, CISOs, you name it is, "I did this here, so it must work there too." And so you go to your new organization, you take whatever blueprint you had at the previous organization, you bring it to the next one, but every business... Each business is different and they've got different business models, different go-to markets. And if you don't understand that business, you could very easily break things that are working instead of helping generate revenue and reduce risk and reduce cost, for the organization, you do all the opposite things, which is definitely a bad recipe.

Joe Topinka: Yeah, that's a really good point, Mike. And I've been encouraging cyber security professionals to spend more time in business units. One of the things I like to ask them is, "When was the last time you had a conversation with someone outside of the security team or with the IT leader or with the CIO?" And I'm starting to see more affirmative answers where, "Yeah, I'm actually meeting now on a regular basis." It's not informal meeting, or it's a formal meeting once a month, or once every other month. But I'm meeting with the head of marketing and I'm... This division or that division. I think that's crucially important to build those relationships. So they... It sort of demystifies who you are and what role you play, and you have an opportunity to have a one-on-one with someone where they can ask questions where they may not wanna ask them in a crowded conference room and expose their lack of knowledge.

Joe Topinka: I think that's a really safe way to build those relationships. And I... When I'm coaching, that's one of the things that I really zero in on, and to make sure that there's a regular routine interaction with people outside of IT, and more specifically, within business units and even the board. Meeting with board members to whatever. Sometimes the CEO or President doesn't really like IT, just randomly calling board members, so you certainly wanna clear that with your leadership, but you can actually have conversations with those folks outside the quarterly board meeting. And I think it's really healthy to do that now and then.

Mike Anderson: I can't agree more. And I was in a conversation this week, and it's like a lot of times you get people that wanna go build an app for the sake of building an app. I would have app development leaders go, "I've got this great idea, I wanna go build an app." And it's like, "Okay well, what problems is it gonna solve, and what value are we creating for the organization if we do it? And who from the business unit is working with you on that? And what's the... How's this gonna impact the ongoing profitability? What's the... " So we start having these kind of dialog conversations and understanding that business and the risk. When I think about security, it's really about, "What's my appetite for risk?"

Mike Anderson: Sometimes you got... You have a set of risks where those conversations can be harder conversations because maybe there's not an aligned appetite for risk. 'Cause definitely at a functional level, there may be one appetite, but at the CEO and board level, there's a different one. Because today, if I'm a board member, I don't wanna get myself personally in trouble because we don't have the right security governance in the organization. So it's a... I totally agree with you. Having it in a group session is like shaming the person for not knowing. Having it one on one fosters... Gives the ability to have a very vulnerable conversation with someone, but it all comes around like, "Hey, let's make sure we align to what our agreed level of risk is, and if there's an exception to that, let's make sure that we're all locking hands around that and everyone knows it. So if it comes back in the future that the risk bites in the future, that we didn't consciously, not unconsciously."

Joe Topinka: Yeah, and what you're describing to me is a technique that I've recommended and use personally, where if you're looking to make an investment in cyber security or IT in general, I like to shop that idea around to individuals on the executive team, ahead of having the big meeting. So that that gives them an opportunity to ask questions, probe, challenge you, it might even have you go back and rethink what you're asking for. But that's... Someone called it pre-selling, well, I guess it is technically. That doesn't sound as much... Like much fun. But it's just getting people one-on-one where you're sharing why you think the investment makes sense and why you think it's critically important now, and letting them have that opportunity to interact and dialog with you and ask questions. And I'm glad you brought it up, 'cause that's just an incredibly powerful way to make progress and make investments where maybe in the past you struggled and you bring the big requests to the meeting and usually there's push back 'cause they're all hearing about it, even though they may have gotten the materials ahead of time, often times they're busy and they don't read the stuff. And that's just a better way to do it, I think.

Mike Anderson: No, I can't agree more. And it's interesting when you look at the technology community at large from the vendor side, 'cause this is obviously not the first time in my career I've... People have said, "Oh, you've gone to the other side." I'm like, "Well, everyone's selling something to somebody." But first, I'm working for a technology company. The interesting piece is I've seen the other side. Vendors come in and they talk about their features or their product and the road maps and where they're going. And when often gets lost in that is, "What business outcomes is this driving for me that's gonna help my business be better or reduce risk in my business?" The new concept in security is, it's revenue protection, 'cause if I damage my brand because I have a data breach, that's gonna impact my revenue 'cause I'm gonna lose... I'm gonna churn customers. People are not gonna do business with me unless they feel confident that their data is secure with them. And so that revenue protection is a way to think about security. How do you protect your existing revenue streams?

Joe Topinka: Yeah, absolutely. And there is... Fortunately or unfortunately, depending on how you look at it, there are plenty of very public incidents that you can look at in the marketplace and talk about openly about where companies didn't make investments, like Southwest Airline had a huge outage recently, and it turned out there were some investments that had been made over many years, and so it ultimately led to their system shutting down. And I'm not quite certain what happened with the FAA the other day, but now they're talking about some contract employee who did something to a file, and one thing led to another, and I'm sure we'll hear more about that. But yeah, those sorts of things can... While they're timely in the marketplace, you can certainly, as a cyber-security professional, leverage those real-time, real-world experiences as a way to have a discussion, especially when one-on-one. "Did you hear about that? Did you see what happened?" And draw some parallels in your own organization and talk about what you're doing and what needs be done. It's a perfect opportunity to do that.

Mike Anderson: Yeah, I remember when all the ransomware first started hitting the scene, I would get text messages or emails from CEOs saying, "Hey, are we you okay?" [chuckle] That would be the... I get a forward of the press announcement of something happening, "Are we okay?" No, it's interesting when you think about this, 'cause it's a... A lot of times in security you've got... And you've got varying degrees of accountability and budget responsibility between security, and I really look at it as more like the infrastructure side of the house inside companies. And there's been this natural friction there because a lot of the budget, when the investment started happening in security, the team that got most of the budget cut was the infrastructure team because they had to provide the budget for security, the carve out. And it's... That friction still lives. I think I saw a stat yesterday that 49% of security professionals have a good relationship with their infrastructure peers.

ジョー・トピンカ:ええ、同じ現象が見られます。 それはしようとしています... このフレーズを覚えることができれば、それを思いつくことができるかどうかを確認します。 ただし、一方のグループはパケットの移動を担当し、もう一方のグループはパケットの停止を担当します。 (笑い)それは、ちょっと待って、その定義に何か問題があるようなものです。 しかし、サイバーセキュリティの専門家がその定義を与えているのを聞いたことがあり、それがインフラストラクチャの競合がどこから来ているのか、誰が知っているのか。

マイク・アンダーソン:ええ、そのネットワークチームにとって、それは常に無実への平均的な時間です'なぜなら誰もが常にネットワークのせいにしているからです、それはネットワークでなければなりません、ネットワークに何か問題があります。 そして、「それがネットワークではないことをどれだけ早く証明できますか?」 そして、ネットワーク担当者からの最初の電話は、常にセキュリティチームに「ねえ、あなたは何をしましたか...ネットワークに何かを入れましたか? 問題を引き起こしている人々のマシンに何らかの新しいエージェントを展開しましたか?」

ジョー・トピンカ:まさに、特に昨年は何度も聞いたことがあると思います。

マイクアンダーソン:ええ、それは... そして、それが部門横断的な作業だと思います。 それは... 多くの企業を見ると、CISOの80%がまだCIOに報告していると私は信じています。 そして、私はそれがオンになっていると思います... CIOとして、リーダーとして、彼らはこれら2つのチームとそれらの関係の間の相互接続性を促進する必要があり、あなたはそれをずっと行わなければなりません。 「多くの場合、インフラストラクチャ運用リーダーとセキュリティリーダーの両方がCIOに報告している関係がうまく機能する可能性があります。 課題は、それをチームの最前線にまで翻訳し、全員がうまく連携していることを確認することです。 そして、そこにはCIOとしてやるべきことがたくさんあると思います。

ジョー・トピンカ:ええ、私は完全に同意します。 そして、それは私が多くの組織が苦労しているのを見る課題を思い出させます、そして私が1つか2つの例外を除いて交流し、働いた多くの組織では、実際には堅実なエンタープライズリスク管理プログラムがありません。 そして、そのような場合、より広いレベルでその議論を行うことは、承認された機能が整っていないという理由だけでより困難になります。 PwCが毎年調査を行っていたことは知っていますが、過去1、2年で調査を行ったかどうかを確認していません。 しかし、組織の20%または30%が正式なエンタープライズリスクマッチングプログラムを持っており、大企業である傾向があると思います。 しかし、小規模な組織、中規模の組織には、実際には正式なプログラムがありません。 そして、リスクとプライバシーに真に焦点を当てた難読化がない場合、企業内の概念としてそれを本当に強化する方法で、そのチームスポーツの概念に到達するのは難しいので、それは本当の挑戦だと思います。

ジョー・トピンカ:しかし、それは変わりつつあると思います。 そして、私が見ていることの一部は、マイク、いくつかの保険会社が現在それについてより多くの質問をしているということです。 彼らは「あなたのプログラムはどれほど洗練されているか」を知りたがっています。 そして、「プログラムはありますか、そしてそれはITの外にありますか?エンタープライズリスクはありますか? また、どのような測定とメトリックを使用し、どのような方法論を使用しており、それらをテストしましたか?」 彼らはそれについてより現実的になり始めたばかりです、私は彼らがインシデントにお金を払うつもりであり、彼らが彼らの顧客全体に何を期待するかについてより賢くなっているからだと思います。 しかし、私はそうは思わない... エンタープライズリスク管理プログラムを持つことは本当に巨大だと思います、それが正式であるかどうかにかかわらず、誰かが全体的なリスクに責任を負わなければなりません。 それはそれが... これはチームスポーツであり、特にクラウドプラットフォームで独自に意思決定を行っているビジネスユニットのリーダーなど、誰もが果たすべき役割があります。

Joe Topinka: 彼らは、私が1人のクライアントと協力して、エンタープライズリスク、法務、プライバシー、サイバーセキュリティに関する要件を含む分散型意思決定モデルの組み立てを支援しているという点で大きな役割を果たしています。 そのフレームワークがどのように見えるかを考えて、ビジネスユニットが単独で出ている場合、エンタープライズリスク管理認可フレームワークを使用して適切な意思決定を行うようにします。 そして、信頼がありますが、監査方法を検証して、次のことを確認します... やっかいな作業を行うのではなく、人々が実際にルールに従っていて、物事が本来あるべき方法で起こっていることを確認し、プロセス全体を強化する方法を探しているだけです。 しかし、うまくいけば、それはますます起こっていると思います。 特にある会社は本当に良い仕事をしました、私は彼らの名前を言うでしょう、しかし私は彼らが私にそれをすることを望まないと思います。 しかし、数年前のサイバーセキュリティに関する考え方が現在の場所ではなかった組織の1つですが、エンタープライズリスク管理チームは、対話を高め、サイバーセキュリティが単なるITではなく、企業であることを認識させ、認識させるために本当に堅実な努力をしました。 そして、それはサイバーセキュリティフレームワーク全体に適合します。

マイク・アンダーソン:私たちはビジネススクールで学びます。 私たちは何を気にしますか? 私たちは収益の増加に関心があり、再投資と効率を高めるためにコストを削減することに関心があり、ビジネスのリスクを軽減することに関心があり、戦略的に競合他社に先んじることに関心があります。 そして今、あなたはそのESGに持ち込み、より持続可能な組織をどのように作りますか? 多くの場合、環境面の重要なテーマです。 私はリスクについて考えますが、そのように組み立てると、ビジネスには理由があります。 なぜなら、特定のものがあれば... 原材料価格が上昇した場合、ビジネスにどのよ