In this section, we want to put a CISO in the spotlight by asking them a handful of questions posed by DPI.<\/p>\n
Luc Van Gimpel, IT Program Manager at Lantis, is happy to answer them.<\/strong><\/p>\n My name is Luc Van Gompel. I have been working in IT for more than four decades in various roles and sectors. I am eager to learn and enjoy taking on challenges that add value to an organization. I am currently helping Lantis to increase its cyber resilience and compliance with NIS2 regulations. Lantis is the organization responsible for realizing the Oosterweel connection in Antwerp.<\/p>\n For much of my career, I have been active in IT in the banking and insurance world, and security has always been an aspect that I have come into contact with. Given the increasing cyber threats that organizations face today, the ever-increasing complexity of technology, and the ever-growing regulations surrounding cybersecurity, I find the topic of security quite exciting and challenging. The topic itself is also multidisciplinary and intertwined with all aspects of automation in our companies and governments. For someone who likes variety, security is a dream topic, although this expression is still at odds with the perception of security that prevails in our companies. As a result, the necessary (further) awareness-raising of the topic of security is an additional challenge.<\/p>\n My interest lies mainly in governance tasks. Security is a complex issue. Organizations need simple control mechanisms that indicate how secure or insecure they are operating today and what needs to be done to increase their cyber resilience. And cooking costs money, so the next challenge is to determine exactly those extra security measures that will bring an organization to a level of resilience that is in line with its risk\/cost appetite. A nice assignment, right?<\/p>\n Currently, most of my time is taken up with finalizing the security policy and getting the organization on board with it. But once this exercise is complete, we will have a solid foundation on which to build. You can think of the policy as the foundations of security.<\/p>\n Understanding what is critical for the organization and being able to link this to cyber resilience measures is extremely important in order to develop a realistic improvement plan. Furthermore, your ability to understand deeply technical discussions, convey messages to C-level executives in an understandable way, and dive into business process risk discussions is definitely an asset. In addition, you need to keep your eyes and ears open to what is happening in the outside world in terms of cybersecurity and keep up with new technological developments.<\/p>\n<\/h4>\n
\nInterview<\/h2>\n
Who are you, and in which organization do you assume the role of CISO?<\/h3>\n
Where does your interest in security come from?<\/h3>\n
The CISO role can be extremely multifaceted. Which tasks or responsibilities appeal to you most in your role as CISO?<\/h3>\n
As a CISO, what do you spend most of your time doing?<\/h3>\n
What qualities are essential for a CISO?<\/h3>\n
Developments in security are happening at breakneck speed. How do you, as a CISO, stay up to date with the latest developments?<\/h3>\n