Plus: How To Move Beyond The Barrier Of Recognition, But Unclear Responsibility
Tech leadership is becoming more important—and understood—by companies and their boards. According to a survey from Deloitte this summer, half of tech professionals have four or more C-suite tech positions in their organizations—including CIO, CTO, CISO and CDAO (data and analytics). There tend to be more tech-specific C-suite roles than in any other single area of the company, but more executives don’t automatically make the massive job of governing, regulating, upgrading, protecting and innovating with tech and data any easier. A quarter of respondents said they have a tough time keeping clearly defined responsibilities straight.

Top priorities for the coming year also don’t necessarily fit in any one executive’s purview. About 36% ranked security as a top priority, which is often seen as the CISO’s responsibility. But the other top priorities—reducing operational or product costs and increasing value, expanding into new markets or segments, and attracting and engaging customers—straddle many positions. And of course, many companies are working toward an AI transition. Not only do AI functions cross into many different tech areas (especially because many companies might not have a chief AI officer), but the skills for AI are lacking. About 45% say the inability to get people with the right skills is the biggest obstacle to bringing in AI—something that seven in 10 say is likely to add to the company’s tech headcount.

This is an unconventional barricade for tech leaders. The leadership positions are there, but duties are unclear, priorities are all over the map, and talent for improvement is lacking. It’s time for companies and tech leaders to work more on their roles internally. Delineate exact policies and responsibilities for different executives, and decide what structure is best for company needs. Work on upskilling existing employees. And keep an eye on what skills and capabilities are needed for the long term.
While cybersecurity is traditionally the domain of the CISO, the nature of attacks and vulnerabilities today means that everyone needs to have some understanding and responsibility for it. But it can be tough to bridge the communication gap between technical CISOs and other employees. Sameer Ansari, global security and privacy lead at consulting firm Protiviti, gave me some strategies to do that well. An excerpt from our conversation is later in this newsletter.
President Donald Trump unveiled his AI policy plan on Wednesday. The overarching goal is to solidify the U.S. position as the world leader in AI—through policies that encourage technology and infrastructure development in the U.S., as well as encouraging other nations to buy American AI technology. “America is the country that started the AI race. And as president of the United States, I'm here today to declare that America is going to win it,” Trump said at a Wednesday evening event in Washington, D.C. “We’re going to work hard, we’re going to win it because we will not allow any foreign nation to beat us.”

The particulars of the new policy and its parameters—or lack thereof—are not surprising, given Trump’s well-known disdain for regulation. At the beginning of his plan: “Remove red tape and onerous regulation.” The technology, the plan says, is “far too important to smother in bureaucracy at this early stage, whether at the state or federal level.” The plan doesn’t say what kind of AI use might be considered out of line—there are no mentions of protecting secure infrastructure systems, privacy or copyrights. But it directs the NIST AI Risk Management Framework, which helps organizations to minimize risks when implementing AI, to eliminate references to misinformation, DEI and climate change.

In his remarks, Trump did speak out against copyright protections for content used to train AI models. “You can’t be expected to have a successful AI program when every single article, book, or anything else that you’ve read or studied, you’re supposed to pay for,” he said. This issue is one of the biggest pending legal matters today around AI. Many publishers, including Forbes, have sued AI companies, accusing them of copyright infringement for unauthorized use of content.

Two AI industry leaders—Nvidia CEO Jensen Huang and AMD CEO Lisa Su—attended Wednesday’s event and praised Trump’s plan, the Wall Street Journal reported. “For the U.S. to lead in AI, we have to run fast, and the AI action plan is a great way of just laying out all the various pieces that will be helpful for us to run fast,” Su told the Journal.
Google parent Alphabet reported yet another successful quarter, with $96.4 billion in revenue—a 14% year-over-year increase—surpassing analysts’ forecasts of $94 billion. The largest percentage of growth came from the Google Cloud division, with revenues reaching $13.6 billion. But the services sector—which includes Google Search, ads on YouTube and other platforms, and subscriptions—saw $82.5 billion in revenue. “This is all possible because of the long-term investments we have made in our differentiated full-stack approach to AI,” CEO Sundar Pichai said on the earnings call. “This spans AI infrastructure, world-class research, models and tooling, and our products and platforms that bring AI to people all over the world.” Pichai said the company is increasing its investment in AI infrastructure this year by $10 billion, bringing the total to $85 billion. The dollars going toward infrastructure are about planning ahead, he said, working to meet future demand trends.

But analysts are tempering Alphabet’s success both in the present and future with the outcome of a pending court ruling. The company was found to have held an illegal monopoly in search, and a federal judge is expected to issue a ruling on how to remedy the situation next month. The government has asked the court to force Google to sell its Chrome browser and share its search results data—two actions that could have deep consequences for the company’s revenues going forward.
Hackers breached Microsoft SharePoint on-premise server systems last weekend, accessing data and internal code for an estimated 400 organizations, Reuters reported. The vulnerability was discovered in the attack, and Microsoft quickly issued a security patch, writes Forbes senior contributor Davey Winder. However, the patch doesn’t cover all versions of the software that was breached, and the damage may have already been done; cryptographic keys stolen in the breach could allow hackers to retain access without a reset. Major victims of this breach include government, hospital and educational institutions that have security reasons for keeping more data on-premises. According to reports, victims include agencies of the Department of Homeland Security, National Institutes of Health and National Nuclear Security Administration. Microsoft said that Chinese nation-state actors Linen Typhoon and Violet Typhoon, as well as Chinese threat actor Storm-2603, have historically exploited these SharePoint vulnerabilities.
How To Break Down Barriers Between The CISO And The Rest Of The Company
Cybersecurity is, to some extent, everyone’s responsibility. It means the CISO needs to be able to communicate with other executives and employees who may not have the same technical expertise. I talked with Sameer Ansari, global security and privacy lead at consulting firm Protiviti, about how CISOs can make themselves a part of the company’s strategic discussion, and be seen as more than a blocker who says new plans are too dangerous.

This conversation has been edited for length, clarity and continuity.

How does a CISO enter into a partnership with the rest of the company and come to a common understanding of both what they need and what the rest of the company’s trying to do?

Ansari: It’s changing the typical approach that some CISOs have. We’re getting out of the technical conversation and putting that to the side, and really focusing on what the business-oriented goals are. A lot of times, the business will come to the CISO with an idea that they want to do from a new product or new region perspective. It’s up to the CISO to understand what they’re trying to accomplish. If there are some risks associated with that, use that as an opportunity to educate the business on what those risks are, and not just say no: ‘Hey, I hear what you’re trying to do, but these are some of the risks I’m seeing. Let me explain to you why these are risks.’ Use it like an education opportunity, and then start to work with them on joint solutioning.

Sometimes, the business will be like, ‘That’s a security issue. You go deal with it.’ And [you need to] show them that, ‘Hey, me making a decision on my own in a silo is not good for you, just like you making a security decision on your own without having that conversation with me is not good for either of us.’ You should make sure that you can actually have that joint conversation. You should also be solution oriented. If there is a risk there that you think the business is taking that’s too large, thinking about saying, ‘Here’s some alternatives,’ and seeing if they’re open to those alternatives.

How can a CISO get from talking in an overly technical way to explaining threats in a way that everybody can understand?

It’s through storytelling, using examples and actually giving things that are a little bit more concrete in terms of why things matter, focusing on what I like to call the ‘so what.’ You have a technical vulnerability. What’s the impact of that? How does that translate to what the business is trying to do?

Both parties need to put themselves in each other’s shoes as much as they can. CISOs will never understand the business as well as the business understands the business, and the business will never understand cybersecurity as well as the CISO does. But spending time and collaborating and having those honest conversations about what each of you’re trying to accomplish and how can they actually make those intersect.

A good example would be expanding into China or selling a part of the business. Having the CISO early in that conversation and saying, ‘Hey, if we want to divest from this business or go into a new market, what should we be thinking about? How do we actually approach this?’ [They should collaborate] with legal, thinking about the cybersecurity compliance issues, what new threat factors do we need to think about, and what’s the cost associated with that? A lot of times when the business has an idea, they’re thinking about the ROI, but the cost of cybersecurity a lot of times does not get factored into that.

What advice would you give to a CISO who is hoping to be more collaborative and proactive with other executives and the board of their company?

We still see business as very relationship-oriented, so I think you should be having to invest in the relationships outside of your IT or CISO teams and spending time with the business—getting to know them, getting to know what their priorities and key strategies are. That’ll make the CISO much more informed in terms of what their strategy should be. Also, when they go to the board to talk about what’s happening within their organization from a cybersecurity perspective, [you’ll know] how to present it in a way that the board will actually understand and care about certain things.
Cybersecurity solutions provider Check Point Software Technologies appointed Jonathan Zanger as chief technology officer. Zanger most recently worked in the same role at Trigo.
Healthcare staffing company CHG Healthcare welcomed Theresa O’Leary as chief information officer. O’Leary joins the company from UPS, where she was vice president of technology, and she succeeds Scott Boecker, who is moving to another role.
Online learning platform Coursera tapped Grant Parsamyan to be its new chief data officer, effective July 21. Parsamyan previously worked as chief data & information officer at Alludo, and has also held leadership roles at OpenTable, eHarmony and Yahoo.
It doesn’t matter how much time and money your company invests in cybersecurity threat management. The biggest threat is different departments working in silos. Here’s why that’s a problem, and how to break down those barriers.

Many tech companies are adding AI agents to their software, but customers are slow to start using them. The reasons are many. They’re new ideas, but they can also take unintended actions. Here’s how to manage new AI agents so that they earn your company’s trust and do what they’re meant to.
An upcoming film titled Artificial is reportedly in development at Amazon MGM Studios. What real-life situation is it said to be about?

A. The race for tech companies to develop applications and tools for home VR use
B. The firing and rehiring of OpenAI cofounder and CEO Sam Altman
C. Nvidia’s rise from a gaming component manufacturer to the world’s most valuable company