Michael Redmond, Deputy CISO, City of Louisville, speaks with Christian Dreisbach, Business Development, Centric Consulting in a video interview about change management structure, risks faced, understanding AI, the need for governance with innovations, the high turnover challenge, and staying relevant to mitigate threats.
At the outset, Redmond sheds light on the change management structure at the City of Louisville, which starts each week with a meeting with key personnel from each organizational sector.
Any new idea for change goes through multiple levels of discussions and agreements, she adds. For instance, cyber, then data, and then enterprise architecture must each agree to the change.
After that, there is time for due diligence in case any differences come up, and once the change is approved, it is followed by a Cybersecurity Maturity Model Certification (CMMC) vendor questionnaire, says Redmond. Thereafter, the business continuity aspect and having an application or database recovery plan are taken into consideration and worked upon.
When asked about risks, Redmond points out the risk of skipping the process of due diligence. In many cases, not every aspect is thoroughly checked before approval, only to find out later that the change has to be disapproved, she says.
For instance, Redmond raises a concern, stating that she would not want to do the CPA’s taxes and the CPA would not want to handle cyber. Therefore, the city has started asking for the certifications of the team members. She states that over 50% of organizations are taking SOC 2 verbatim without going through the team.
Education is the key to addressing this, says Redmond. Smaller organizations can invite a consultant to work with a person who does not have a strong background to guide them.
According to Redmond, understanding AI, the risks attached to it, how to manage it, and the integrity of data is critical for leaders and organizations. She cites the example of JP Morgan Chase and Goldman Sachs, which use blockchain for international transfers to deal with data integrity.
Interestingly, says Redmond, those are the only banks leveraging blockchain, which is a critical component of banking technology. While it is important for data integrity, it does not help with compliance.
Therefore, she highlights the importance of governance, because innovations like blockchain aid data integrity but not confidentiality.
Speaking of challenges, Redmond mentions facing difficulty due to a high turnover rate. The possible reasons for that could be that people can earn more elsewhere, or they opt for another degree.
To address this, Redmond affirms that the selection process is being restructured by making a list of all the must-haves in people. However, it is known that cybersecurity is an area that will have a higher turnover.
Furthermore, Redmond states that there are constant new threats. She refers to the Dallas ransomware attack, which ransomed fire trucks and ambulances, sending them to the wrong addresses.
In conclusion, she recommends reading the action report published by the City of Dallas and focusing on learning constantly through training and seminars to stay relevant.
CDO Magazine appreciates Michael Redmond for sharing her insightful journey with our global community.