Once Upon a Time: A CISO Tale
Have you ever asked yourself: What's the CISO talking about? My tale compares a CISO to a medieval king ruling in accordance to ISO 27001.
Sketch 1 (1,500 characters)
This sketch illustrates one problem a Chief Information Security Officer (CISO) of an organization may encounter daily: Looking into blank faces while using specialist terms in front of employees in order to explain a really important and urgent topic.
To be fair, hundreds of years ago, medieval kings did not have an easier task having to protect their kingdom than the CISO has today.
Picture 3 & 4:
While sketch 1 & 2 show a colorful IT organization and kingdom, Sketch 3 & 4 show that it is and it not always has been as peaceful and colorful for the king and the CISO. Sometimes information security as well as the kingdom is in danger.
Picture 5 & 6:
Illustrates possible threat actors of the kingdom and the IT organization, being very different from each other. Those are the ones the king and the CISO have to protect their land against.
The king and the CISO will protect and defend their assets based on the ISO 27001 standard (which is one of the most important standards on how to implement an Information Security Management System in an organization).
For the sketches I used news paper letters, water brush markers, aquarelle color pencils, ink for calligraphy, and permanent markers on a water color pad.
Based on demand, I could create computer graphs out of the different elements/sketches enrolled or leave them in this children book-like painting style. A video is another possibility.
Sketch 1_1: A CISO and his Organization of Information Security Assets.
Sketch 1_2: A medieval king and his kingdom.
Sketch 1_3: A perplexed CISO - the organization's information assets are threatened.
Sketch 1_4: A helpless King - his kingdom is all dark and threatened.
Sketch 1_5: The medieval kingdom's threat actors.
Sketch 1_6: The organization's threat actors.
Sketch 2 (1,500 characters)
Our lives' digitization nowadays already begins at a very early stage with parents employing baby alarms connected to the Internet. The amount of data describing our preferences, tracking our positions, assessing our abilities, and measuring our performance from there on continuously grows. Instead of physically having control, more and more of this data is stored in what we call "The Cloud" - an unimaginable amount of servers potentially distributed all over the world. This makes not only the collection of data ubiquitous but also its utilization - in most cases noticeable as increasing convenience. However, there is always the risk that the sheer amount of data in the cloud might eventually also be used against you.
Sketch 2_1: Data Collection: From baby shoes to professional career: Somebody is listening throughout our life and knows us even better than we might know ourselves? This might have major consequences for each individual.
What have you learned through this sketching process? (1,000 characters)
Having a background in computer science and security, one of the hardest challenges is to find the thin line on which common knowledge ends and expertise begins. This is not a static but dynamical positioning which is highly depending on the respective audiences. In my everyday work, I usually know the audience of my work beforehand so that I can adjust correspondingly. In the Cybersecurity Visuals Challenge, however, the audience is the global public with a variety of professional, cultural, and educational backgrounds. I therefore decided to use a language which everybody learns to speak already during their childhood - the language of fairy tales.
Tell us more about you. (1,000 characters)
I graduated with a Bachelor's in 'Media & Information Technology and Design' as well as a Master's in Computer Science with a focus on IT Security and Artificial Intelligence. During my studies, I taught children the basics of the World Wide Web by employing different visualising techniques and metaphors.
I wrote my thesis about 'Cognitive Cyber Attack Detection' in cooperation with the research & development division of an international IT company and a well-known university in the Washington, DC Metro Area. Subsequently, I started working as a Security Consultant assessing and quantifying the cyber exposure and protection controls of the world's largest organisations.
In my Bachelor's I had drawing classes as well as classes in image editing programmes (Adobe Photoshop, Illustrator, Indesign), story telling, sound design, animation movies, etc.
Why are you participating in this Challenge? (750 characters)
The Cybersecurity Visuals Challenge perfectly combines my academic and professional background in computer science and security, as well as media design with my passion for art. I always had in mind to publish a children book-like story about IT security. When I heard about this challenge, I took one day of vacation in order to have enough time to create some drawings.
What is your experience with the field of cybersecurity?
I have considerable experience and/or knowledge in the cybersecurity field.
What best describes you?
I’m a cybersecurity professional with an interest in visuals.
How did you hear about this OpenIDEO Challenge?
Someone in my network (word of mouth)
I currently live in London (UK) and Munich (Germany)
Location: State / District
Bavaria & London