Keeping up with the swift pace of technological change is no small feat, and organizations are meeting this challenge head-on in the exciting realms of generative AI and augmented/virtual reality. Alteryx CISO Lucas Moody offers a personal look into how we’re navigating these changes and the strategies for tackling the risks of these advancements. He reflects on how his role has evolved to keep pace with this tech-driven world.
Understanding cyber risk
Q. More than 40% of global leaders say they do not understand the cyber risks posed by emerging technologies, like virtual environment tools, generative AI, and virtual/augmented reality. What are the top 3 strategies you believe organizations should adopt to comprehend better and mitigate these risks?
A. Know what you need, build security foundations, and understand risk trade-offs.
Knowing what you need is easier said than done. A growing chorus of executives is investing out of fear of missing out (FOMO). For instance, the quick and eager adoption of generative AI (genAI) solutions without a clear goal has often led to product sprawl, an amalgamation of products or services, and losing track of where data is landing. Understanding an organization’s goal for product adoption is key to creative, effective strategies and aligning business processes with the overall organization’s risk appetite and objectives.
Next, a strong security foundation is required, especially during technology adoption. Owners of new technologies should work closely with the Information or Cyber Security teams to create a strong risk evaluation framework. Cyber security teams can also help mitigate technology adoption risks while ensuring responsible use workforce-wide. These strong foundations will ease the managed adoption of any new technology.
Lastly, understanding and managing trade-offs is essential to making reasonable decisions on what is right or isn’t right for your business.
Finding a path to yes
Q. Clarke Rodgers, director of enterprise strategy at AWS, urges CISOs to track “the metric of no” – how often the security team denies a line-of-business request – to enhance security culture. With the proliferation of AI tools and platforms, what is your advice to executives looking to adopt a comprehensive approach, enabling their teams to navigate complex decision-making scenarios effectively?
A. My take is for executives to adopt “the metric of finding a path to yes.” This ensures necessary guardrails and governance are in place for safe adoption. By understanding your organization’s needs and goals, we can engineer paved roads that lead us to achieving those goals and ensure the adoption of new tech while securing your intellectual property, customer data, employee data, and other proprietary assets.
Expansion of the CISO role
Q. Gartner predicts that 45% of CISOs’ remit will expand beyond cyber security due to increasing regulatory pressure and attack surface expansion. How has your role expanded at Alteryx?
A. My role has evolved with the times. 25 years ago, CISOs were practically non-existent. Today, my role as a CISO has evolved to that of a business leader, where I actively engage with the Board of Directors and subcommittees. Being a modern CISO requires me to have strong business acumen, the ability to influence without direct control, articulate risk at an enterprise level, and bring a diverse workforce to support objectives across the business.
Explore our Security at Alteryx Whitepaper for an in-depth understanding of our internal information security program.