AiThority Interview with Michael Mestrovich, CISO at Rubrik

Hi Michael, Please tell us about the latest trends in IT security budgeting.

Hi, Sudipto. In 2023, IT security leaders are facing tighter budgets and they will need to optimize and consolidate the tools they have already procured. When looking at new tools, they will have to be able to take out two or three existing products to fit within budgets in 2024. It means cybersecurity vendors will need to double down on technical innovations that drive productivity while keeping costs top-of-mind.

Top AI ML News: Axel Springer and OpenAI Partner to Deepen Beneficial Use of AI in Journalism

Beyond product enhancements, we will also see continued partnerships and integrations between vendors to meet this need and reach more customers.

That’s great! Does it mean Security leaders would find it more economical to leverage AI tools for their mission-critical operations?

Yes. AI will have a huge impact in 2024.

A huge issue for organizations (especially education, healthcare, and other industries) is that trained cybersecurity talent is scarce and expensive. These organizations struggle to hire and retain best-in-class talent. ISC2’s 2023 Cybersecurity Workforce Study found that the cybersecurity workforce grew by 8.7% to 5.5 million but open cybersecurity positions increased 12% to over 4 million. With this in mind, organizations will seek to leverage AI to help compensate for the talent gap.

Generative AI has the opportunity to generate training content specific to various roles and deliver that content on an ongoing and interactive basis to ensure every employee is best equipped to be a protector of their organization.

AI makes it possible to apply adaptive learning techniques across organizations at scale.

Which areas would continue to pose challenges to security leaders in 2024?

Cybersecurity, for sure…

Gaining access to any enterprise via valid credentials remains the preferred method of access for cyber actors.

As Generative AI matures over the next year and beyond, social engineering attacks fueled by Generative AI will become easier to perpetrate, will increase in scale, and will be increasingly realistic. No amount of training will be able to prevent some of these tactics, so we will surely see an increase in cyberattacks. Therefore, over the next year, we’ll see how many organizations have built their defense strategy around a cyber resilience mindset, e.g. micro-segmentation, passwordless authentication, phish-resistant MFA, moving from privilege escalation to separate privileged user accounts, and when it all fails, having immutable data backups.

How do you see AI and regulations shaping the security marketplace in 2024? Are CISOs ready to meet these regulations?

The recent SEC action against SolarsWinds and more importantly against the CISO Tim Brown shows that CISOs are increasingly in perilous situations. There will never be enough resources devoted to cybersecurity in any enterprise yet CISOs have to make risk-based decisions every day. If that were not difficult enough, add to that the threat of criminal charges if you get it wrong and it only adds to an already incredibly stressful environment.

Will we see more and more CISOs leave the profession?

Will we see an increase in CISO turnover?

How will the relationship between the CISO the board and the executive leadership team change?

On a positive note, New York recently announced a new cybersecurity strategy that will mandate comprehensive cybersecurity programs, vulnerability assessments, access controls, and security awareness training for hospitals, offer $500 million in funding for healthcare IT, and expand the cyber resources of state-wide criminal investigative entities. This is a huge step forward and I can only hope other states and municipalities follow New York’s lead.

Thank you, Michael! That was fun and we hope to see you back on AiThority.com soon.

[To share your insights with us, please write to sghosh@martechseries.com]