Introducing CISO with a deep interest in cybersecurity

Andre Shori is the APAC Cybersecurity Vice President and Chief Information Security Officer at Schneider Electric. Andre brings with him over 30 years of cyber experience, a SANS Technology Institute Master of Science in Information Security Management, and 18 major cybersecurity certifications. He serves as an Executive Board Member of the (ISC)2 Singapore Chapter and Vice President of the Association of Information Security Professionals (AiSP), contributing to the evelopment of the cybersecurity profession across the globe and creating a vibrant global cybersecurity ecosystem that enables a safe and secure cyberspace for everyone.

2. What brought you to the Cybersecurity industry?

I have always been deeply fascinated by the tools, techniques, and processes that threat actors use to breach environments and, more importantly, what defenders should do to counteract these tactics. My first entry into Cybersecurity was over 30 years ago when I served as a network operator and help desk agent for BC (British Columbia) Rail in Canada. That is where I was exposed to security topics like access controls, prevention, and detection tools, BCP/DRP, and from there, I was hooked. It has been a lifelong learning journey since then; cybersecurity evolves so fast, and there has never been a dull moment.

3. What were your defining moments in this industry, and factors or guidance that helped you achieve them?

Being accepted into the Master of Science in Information Security Management (MSISM) program at SANS was pivotal in my career. The program filled in almost all the gaps in my Cybersecurity knowledge and taught me to think strategically at the organizational level. Quitting my job at the time to complete the MSISM was incredibly challenging, but completing it helped propel me into a role that I had long dreamed about.

4. What is it that you love most about your role?

I am gratified to know that I am helping to make a real difference in the Cybersecurity of my organization and my community. It is really rewarding to help shape the industry into a mature, professional, and well-recognized discipline. I also love all my fellow practitioners who share a passion for Cybersecurity. One of my favourite pastimes is meeting with other cybersecurity folks to share our knowledge and experiences. Cybersecurity is too vast a field for anyone to truly master, so it is great to meet people who help expand my views.

5. What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

I see a lot of attention being paid to automation and process re-engineering, which bodes well for streamlining current processes in a more efficient manner. SOARs (Security Orchestration, Automation and Response) are becoming the norm, and AI (Artificial Intelligence) has helped fuel that push. I also see signs that the IT/OT convergence is starting to really gain momentum now, with more OT (Operations Technology) Cybersecurity oriented solutions appearing on the market to address the growing OT/IoT install base as people start to imagine increased use cases on how to automate the world we live in.

6. What do you think is the role of CISO?

A Chief Information Security Officer (CISO) or equivalent (Head of Information Security, Chief Security Officer, TISO, BISO, ACISO, IT Manager, CISO as a Service etc.) is the person (or any immediate direct report) accountable (or in the case of a direct report, responsible) for defining and implementing their organization's overall cybersecurity strategy to enable and advance business outcomes. This person is ideally a senior-level executive, reporting to the most senior levels of the organization, who is actively leading the defence of their organisation, its businesses and all assets, including its people, data, infrastructure, products or technologies, against internal and external cybersecurity risk.

7. How can we encourage more people to join the cybersecurity sector?

Show them what a cybersecurity career looks like. Showcase more examples of different aspects of cyber such as an OT Cybersecurity engineer working at an oil and gas plant, or a DFIR (Digital Forensics and Incident Response) investigator, or a threat intel person doing red teaming etc. Get people to understand that there are gratifying careers in cyber, that it is not just about the $$, and that they can enjoy a rewarding vocation while making a difference in society.

8. What do you want to achieve or contribute to the Cybersecurity Ecosystem?

I will continue to add my energy, experience, and, where applicable, my expertise to continue to help drive and uplift our Cybersecurity discipline into a well-developed, attractive, and rewarding professional vocation. I plan to help accomplish this undertaking by engaging with all relevant stakeholders at all levels to ensure that our profession has the support and visibility necessary to ensure we can value and add our tradecraft towards our respective organization’s objectives.

9. Any advice for the Cybersecurity Professionals?

You must have a passion for cybersecurity to best ensure you will thrive. A career in Cybersecurity is demanding, deeply technical, always challenging and without passion your odds of burning out are high. It is a thankless role, and you are usually first to be blamed, so you must be able to embrace the knowledge that you are performing a role in ensuring the betterment of society through your actions.

Author Bio

Andre Shori

VP Outreach and Partnerships

AiSP

Andre Shori is the Regional CISO for Schneider Electric, covering both IT and OT Cybersecurity throughout the APAC region. Andre holds a Master of Science in Information Security Management from SANS and is the first person in Singapore and 19th globally to complete the program.

Andre hails from Canada and has over 20 year’s international experience in Information Technology. He holds a variety of certifications in the Cyber Security arena and has been a full member of AiSP since 2009. He is also a current World Record holder in the Guinness Book of World Records.