Date
17.01.2025
DPI: Who are you, and in which organization do you take on the role of CISO?
Roodhooft Wendy, I work as CISO for az Vesalius, a hospital in Tongeren.
Where does your interest in security come from?
My interest in security arose from my background as a system administrator. In that role, I regularly came into contact with the technical aspects of security, such as managing firewalls, securing networks and solving security problems. The hospital needed a broader and more strategic approach. Factors such as the introduction of NIS2 and the need to meet the requirements for our ISO certificate ensured that I ended up in the CISO role (before that I was a technical security officer)
The CISO role can be extremely versatile. Which tasks or responsibilities appeal to you most in your role as CISO?
What appeals to me most is the strategic aspect of the position, such as developing a clear roadmap for our security. I find it challenging and motivating to develop a vision and translate it into concrete steps that make the organization safer, both in the short and long term. In addition, I have a strong interest in threat intelligence. Analyzing emerging threats and trends, and proactively applying this knowledge to limit risks, gives me energy. It is not only a way to mitigate threats, but also an opportunity to always stay one step ahead of potential attackers.
What do you do most as a CISO?
At the moment, I am mainly focused on our ISO 27001 certification, which is a major priority for the organization. This includes setting up and implementing the necessary procedures, creating policies and setting up an ISMS. I also spend a lot of time on the technical side of security.
What qualities are essential for a CISO?
Stress resistance: you are often the point of contact in crisis situations, such as a security incident. The ability to remain calm and rational under pressure is crucial.
Versatility: A CISO must fulfill a wide range of roles, ranging from technical expert to strategic leader. This requires a flexible mindset and the ability to quickly switch between operational details.
Passion for the job: Cybersecurity is a profession that is constantly evolving, with new threats and opportunities every day. A genuine passion for this work is essential to stay motivated, keep up with the rapid changes and continuously improve yourself. This includes, for example, managing our security infrastructure, monitoring vulnerabilities and incidents, and ensuring that our systems and networks are protected against threats.
Evolutions in security are happening at breakneck speed. How do you, as a CISO, stay up to date with recent developments?
I follow multiple news feeds, which I watch at the breakfast table in the morning, and listen to various cybersecurity podcasts. I also regularly follow training courses to expand my knowledge area.
It is a classic challenge for the CISO to obtain the necessary resources and support from management. How do you tackle this?
With a clearly developed plan. It not only contains the measures we want to take, but also the risks we want to cover with them. It is important that management understands what the risks are. It is also important to report regularly to keep management involved in security.
What are some of the most important threats that a CISO must guard against at the moment?
The influence of AI, both in terms of hacking and GDPR.
What advice would you give to people who have just started as a CISO in an organization?
For people who are just taking their first steps as CISO in an organization, my most important advice is to work in a structured and strategic way. The role of CISO can seem overwhelming, but with a well-considered approach you can quickly make an impact. Create a clear roadmap, do thorough risk analyses and above all: get to know the organization.
Date
17.01.2025
