If you’re a CISO or other security or risk professional looking to grow your opportunities, Darren Kane has a message for you: “The idea of a person accountable for security saying I only look after security, all that other (business) stuff doesn’t truly impact on me, it doesn’t work like that anymore because we’re out of the basement now, we’re in the limelight.”
Kane has a truly broad role as Chief Security Officer for nbn, a government business enterprise that operates the national broadband network. He manages cyber and physical security, as well as assurance, risk management, privacy, and more functions in a “converged security” operation.
So, adopting Factor Analysis of Information Risk (FAIR™), with its ability to cross silos through quantifying risk in the common language of business, was a logical step. Kane credits Zulfikar Ramzan, then-CTO of RSA, with introducing him to cyber risk quantification at the 2017 RSA Conference; later he expanded his knowledge in communication with FAIR creator Jack Jones.
“I don’t want to use quantitative measurement purely to justify more money and more resources,” Kane says. “What I want to do is demonstrate how security can be an enabler, how you can give good security maturity, good security posture and good smart management of funding to ensure that the company that you work for benefits.”
In this conversation with FAIR Institute Director Luke Bader, Kane discusses more security and risk topics from an unusual “converged” point of view, including where he sees the profession heading in the next few years. One trend: increasing attention to investing in and managing security staff, or what he calls “pastoral care” of your people in a difficult job.