Management ethos, guiding principles and beliefs that inform my approach and behaviour as a Chief Information Security Officer (CISO)?

Deidre Marais
Deidre Marais
  • By Deidre Marais

The beliefs and principles that inform my management style as a cybersecurity leader are grounded in my prior role as a Project Manager, I’d say this role has really shaped the ways in which I approach my work, even today.

I am a goals-driven person that strive to finish every task I start. To achieve my outputs and outcomes I always ensure that I have a well-structured plan with well-defined milestones and goals. My experience has taught me to have a defined task with timelines and to always consider and optimize the costs without compromising the quality of the outcomes.

Attention to detail and seeing the bigger picture are both equally important to me. It does however require two different types of skill sets. I don’t only paint the picture for my team but also outline the details about their roles and responsibilities to realize the actual vision.  I also believe that to be effective in my work I need to understand the background, context and the end result. If any of these components are missing, I would be somewhat less effective, which could result in a sub-optimal response.

Building the capacity of my team is critically important to me. Whilst interacting with my team, I try to capicate them to probe and ask the right questions before advising on cybersecurity matters.

As far as possible, I try to be consistent in the advice I give, also with my approach to cybersecurity matters in general. I believe that being consistent builds trust amongst colleagues and team members. If your advice is inconsistent, it is likely to cause much confusion. This may cause others to have difficulty in understanding your guidance and could result in them questioning your cyber judgement.

In the role of CISO for government, collaboration is important. A well-known quote holds true even in cybersecurity: “If you want to go fast go alone, if you want to go far, go together.” Indeed, building trust with stakeholders and citizens is a journey, it is everyone’s responsibility. Together we need to build a resilient and robust human defense.

What inspired me during the early years and what value did it bring?

My career in the IT industry started 20 years ago as a Programmer and then Network Engineer. Later I was promoted to a Project Manager. My passion for learning and developing my skills made me pursue my master’s degree in business administration (MBA) at the University of Stellenbosch. This broadened my understanding of operational, strategic and change management. I also provided exposure to a diverse group of leaders in industries outside of the public sector, gaining an understanding of their views, methodologies and thinking. It built my confidence to contribute to robust discussions in the very male-dominated IT world and layed a solid foundation to expand my career prospects.

What makes me get up in the morning to pursue a career in cybersecurity?

I am in the fortunate position to serve the citizens of our beautiful country, and I am honored to be in the driver’s seat in the collaborative effort to protect government and our citizens’ information.

I am passionate about making a difference in the lives of people by fighting cybercrime, which can, and often has, left people in a very vulnerable state. The Information Age has changed the way in which we interact, it changed the way organizations do business with their clients; it is also markedly changing the way government interacts with citizens. These changes have a massive impact on people’s daily lives and more so in a country like South Africa that faces a huge digital divide.

Let us not forget that criminal adversaries are also making huge strides in using tactics and techniques to further their malicious intent. For this reason, cybersecurity awareness programmes are at the top of my agenda as we want to ensure citizens and government employees can apply cyber judgement when they interact with digital platforms.

Life is filled with highlights, contradictions, difficulties and failures. To further complicate matters I wear different hats: I am a wife, mom, colleague, manager, leader and mentor. This is why I think it important to be principled yet flexible in my approach to life in general. If Covid-19 has taught me anything, it is to value myself and the people in my world because life is fragile. These lessons motivate me to stand firm in my values and to embrace every day with new vigor, to be the best wife and mom at home, and the best colleague and role model in the cybersecurity space.

Definitely not least of all, as cybersecurity leader, it motivates and excites me to share my knowledge, experiences and lessons learned especially with women in the fields of science, technology, engineering, and mathematics.

What was my biggest achievement to date?

The 2021 National Public Sector Innovation Awards hosted by the Centre for Public Service Innovation (CPSI) recognized and publicize innovation and effective, sustainable service delivery in the public sector. The cybersecurity programme were the First Runner Up winners in the category Internal Innovation Harnessing ICT or non-ICT Solution for the Information Security Management System. I was also recognized as a Public Sector Innovation Trailblazer for my work in managing and implementing Information security systems that uses real-time data analysis and predictive threat identification to preemptively address potential security incidents.

What are my business ambitions and strategic priorities for the next 3 years?

  • Continue to build trust with the citizens and the residents of the Western Cape through the protection of information assets.
  • Cybersecurity is an important pillar of the digital transformation journey for government. Alignment of the Cybersecurity strategy with the digital transformation plan is a key priority.
  • Continuously improving the security management system to further enhance cybersecurity and the threat management capability.
  • To demonstrate the value of the investments made in security technologies and data assets.
  • Work towards developing and building cybersecurity skills through coaching, mentoring and collaboration with industry verticals.

There are many competing priorities making the management of the cybersecurity space a fine balancing act. It is about achieving the best outcome within the regulatory frameworks, allocated budget and with limited resources. Cybersecurity awareness is an important digital deliverable to promote a culture where everyone in the province must take the responsibility of their own cybersecurity practices.