Sensing Technology Group’s CISO discusses burnout in security teams, sustainability in tech and being wary of ‘the next shiny thing’.
Sarah-Jane Madden is the chief information security officer of Sensing Technology Group, a Fortive company that designs and manufactures custom temperature transducers.
She has almost 25 years of technology experience across industries from healthcare and finance to software.
“A former manager and mentor of mine was often heard saying ‘we are not in business to be secure but if we aren’t secure, we won’t be in business’. I think that sums up the role and some of the challenges of being a CISO in a non-security company,” she told SiliconRepublic.com.
“Technical strategy is aligned with the needs of the business and our customers. It is my responsibility to make sure the security strategy tracks that evolution appropriately or ideally stays a step or two ahead.”
‘Every tool we employ is equally available to our adversaries’
– SARAH-JANE MADDEN
What are some of the biggest challenges you’re facing in the current IT landscape?
Proliferation and diversity of tooling, or ‘the next shiny thing’ as I call it, is a real challenge. We have a wonderful array of tools and technologies available to us now, but it can be overwhelming and there is a real danger we are introducing risk to the business.
In the past, engineers and technology staff were given years to grow skills and become experts. Most major vendors do a reasonable job of providing training and documentation but the sheer volume of material and rapid evolution of technology leads IT generalists to fly by the seat of their pants and burn out.
Having transparent expectations of your team and encouraging them to be open and honest about their comfort levels are key practices to address this. Some practical measures like consolidating on toolsets, creating internal communities of practice and making space for team members to train all help reduce the pressure and extract optimum value from the technology.
What are your thoughts on digital transformation?
It is a positive mindset change. To me digital transformation means holding ourselves accountable for using technology to improve how we do things and improve the lives of everyone we interact with.
It can start with a business process and have a huge ripple effect. With the evolution and rapid adoption of technology over the past couple of decades, we have sometimes seen technology popping up for the sake of technology.
Digital transformation is helping us to focus on the mission and eliminate waste. As an industry, we need to be careful not to repeat the mistakes of the past under the banner of digital transformation.
I have seen some companies fall foul of taking a waterfall approach to their digital transformation. They set a three-year road map and execute to it without checking in to see if it is still bringing them where they want to go.
One of the great things about working for a Fortive company is that the leadership genuinely believe in the value of experimentation and early failure.
Digital transformation includes short feedback loops. If transformation is not delivering the results we expect, we work to understand why not and pivot.
How can sustainability be addressed from an IT perspective?
I was fortunate enough to be involved in a special sustainability project at Fortive last year. One of my roles in that project was to look at how IT infrastructure and software could contribute to improvements in this area. It was honestly eye-opening.
It is not all just about choosing greener data centres – there are so many other dials we can adjust. The Green Software Foundation is an initiative with a lot of potential in the software space but from an operational perspective, the impact of properly leveraging elasticity in the cloud and powering down devices when not in use are often underestimated.
Security has a role to play too. Some people view coin mining or crypto jacking malware as a lesser evil but the energy consumption from this type of activity is now at levels where the impact on climate is undeniable.
There are similar observations to be made around DDoS attacks too. There is no one measure that will solve the sustainability problem, but a lot of little measures add up.
Technology leaders should be asking their teams to think of sustainability from the design stage right through the life cycle of a system in much the same way as they would quality, reliability and performance. Only then will we make a real difference.
What big tech trends do you believe are changing the world?
AI is undeniably front and centre right now. It is fabulous technology which has developed over many years of hard work and research. It certainly holds promise in cybersecurity and may help limited human resources on security teams cover more ground.
We must remember, though, that every tool we employ is equally available to our adversaries. I am as excited as the next about the possibilities while equally concerned about the privacy implications. However, what excites me more is the answer to ‘and what else?’.
We didn’t stop when we invented the wheel or the lightbulb, and I don’t believe AI is the pinnacle of human endeavour either. To quote Ted Lasso, ‘Be curious, not judgmental’.
We shouldn’t let advances in AI make us lazy or complacent or we risk missing out on the next big breakthrough the human mind and collective, collaborative, technical venture can bring.
How can we address the security challenges currently facing your industry?
If you have heard it once, you have heard it a million times – security is everyone’s job. The challenge I see is this is getting a little old, the message is going a bit stale.
Technologies and attack vectors will roll in and out of fashion. We will see AI used on both sides of the cyber war, but complacency and fatigue are something we need to tackle head on to maintain and improve security posture.
Macroeconomic events are putting employees under increasing pressure to do more with less. It is all too easy to default to the position security is not really your job; surely the security team should have that all covered.
On the flip side, you have security teams with an ever-growing remit covering everything from customer engagements and contract review to incident response and everything in between. It is convenient to think of security engineers as technical unicorns, but they are human and they are getting tired and overwhelmed.
As leaders, we need to manage that. The demands on our adversaries are different as are their motives. They will not tire. They will watch for fatigue and capitalise on it. Security is about understanding people as much as it is about understanding technology.