Amar Singh, CEO, founder of Cyber Management Alliance and himself a global CISO, took the opportunity to discuss cyber security and information management with Adel Al Hasani, CISO and Head of Information Security for Dubai Customs.
Adel’s journey in security started from his university days when he needed to make the decision as to which area to study, i.e. software engineering or programming, and he chose to focus on security because at the time, he and his colleagues liked hacking and breaking the rules! But that wasn’t all Adel learnt; he also came to understand that security was also about protecting yourself.
Dedication and commitment
For Adel, he planned his security journey; what he wanted to achieve, what his goals were, incorporating his career plan into his life plan to keep track of his progress. For him, dedication and commitment to your journey is very important.
“Dedication is very important and without a plan it’s a waste of time and vice versa…”
Everybody is at the risk of hackers, be it you personally or the business you work for, says Adel. He believes that it is important not to see yourself as a small part of the organisation; you are protecting the business, you are a team member and you must see yourself as part of that achievement. You have to always think positively.
“Sometimes the hackers are beating us, sometimes we are beating them... this is the exciting thing about cyber security!”
Qualities of potential candidates
One thing Adel has learnt from his journey is that it’s not only about technical knowledge, soft skills are also needed. In Adel’s opinion, without negotiation skills, without communication skills, without relationship building skills, you will struggle to succeed and achieve your goals. It’s important to learn these skills so that you can deliver your knowledge, says Adel, and be able to transfer knowledge when talking with others.
Adel also believes it is not all down the CV; he’s often cautious of many CVs as they can be written by someone else, but good experience and good qualifications always attract attention. Adel recommends that the CV is written in a way that attracts management. He wants to see the candidate’s dedication and ability to acquire new knowledge. He will ask questions on real life situations and wants to see initiative and creativity.
How do you communicate with senior management and board members?
Before you go to senior management and board members, you have to do one important thing – you have to think top to bottom. Secondly, getting support from executive management and other executives is essential and to do that, you need the soft skills to talk management language.
For Adel, it’s important to understand the management’s KPIs; understand their business requirements, the benefits of security to the business, to customers, to stakeholders and what management’s expectations are from security. Learn how to speak their language and share your knowledge of how security can improve, enhance the business, link security initiatives with business goals, and convert your language to their language.
What advice would you give to the younger generation considering security as a career?
In Adel’s mind the first point is that you have to focus on a specific security field. Security is a big area and there are many people out there who are good at ‘general’ security. So, if you focus on a particularly field, learn the basics of that you field and acquire the relevant technical knowledge, together with soft skills, you will reach your final destination.
“Choose your final destination and take the journey; understand the technology and then reach the final destination.”
Your thoughts on the top threats organisations will face?
Threats change so for Adel, understanding your business requirements, the risks, will help you be ready for any threat. It’s important not to stop adopting new technologies just because of the potential security threats or you will always be behind. But when you adopt new technologies, it is critical to adopt new controls on that technology.
Awareness is critical for Adel in encouraging security adoption throughout the business. But it’s important to link any security awareness to the individual’s own experiences, their own lives. Employees in an organisation want to know what is in it for them, why should they do it and you need to start from top to down.
"Teach management as much as the employees how security will benefit them and their business."
Adel believes that security should be built-in to an organisation and not just added on. Security needs to be considered from the beginning and should be practiced throughout the business. Make a plan, provide a security budget and do your homework to make it part of your business’s culture.
View our exclusive Insights With Cyber Leaders interview with Adel Al Hasani, CISO and Head of Information Security for the UAE Government, here.
For more information on Cyber Management Alliance, their GCHQ Certified CIPR training and other courses, webinars, Wisdom of Crowds live and virtual events, and their Insights with Cyber Leaders series of executive interviews, click here or contact us today.