You were recently elected president of Clusif; could you tell us a bit about the association’s governance?
Clusif was created 34 years ago. It has two types of members: Offerors and Users, in equal proportions. The president and vice-president must represent both groups. I was vice-president (he is director of Cabestan Consultants, ed.). Under our articles of association, I was elected until March 2017 to replace Lazaro Pejsachowicz who recently retired. After that, our members will vote. The vice-president is Henri Codron, CISO at Schindler Europe, representing the Users.
What is your roadmap?
The goal is not to change what’s been working for over thirty years. We want to continue to provide a discussion forum for everyone involved in the very broad topic of information security: CISOs and Clusive offerors. However, we do need to consider changes to the environment. We have shifted our focus from information security, which was very company centric, to cyber security. And we need to open up to this world because it is now one of the problems CISOs face. However, Clusif keeps the same mission: to address information and information system security, in particular. Regardless of the origin of the threat. We never forget that many companies still face these sorts of problems. By definition, cyber threats come from the exterior. While this isn’t new, it is different for those fighting it.
Can you speak briefly about the CISO space?
It’s a working group open only to users – CISOs, ISSPs, DPOs, and also ISDs. Even I, the President, cannot participate! There are about 120 members, because not all users belong to the group. Users need to apply. They choose the subject for presentations and discussions. This often includes feedback, both positive and negative. This helps everyone, including the less experienced, to learn from their peers. Sometimes the CISO Space invites an external speaker, an expert or an authority for discussions and debate. Henri Codron leads the group with help from Nicolas Vielliard (CISO at Engie).
What are Clusirs?
Clusirs are full-fledged autonomous associations. They have a contract with Clusif (for the label, discussions on good practices, etc.). There are currently eight of them: six in Metropolitan France, one in Tahiti and one in Réunion. We’re currently assisting the CISOs who have created a Clusir in the Caribbean. We have other projects as well that are well underway with other ultramarine regions. The Clusirs have a lot of expectations, they ask for many discussions and sharing opportunities. We’re working to strengthen ties with local teams and expect to announce closer cooperation and more effective integration of the Clusirs in Clusif activities in 2017.
What projects are planned for coming months?
There are a lot of them. Lazaro Pejsachowicz continues to assist Clusif. He is responsible for recruiting new CISOs, new offerors and for giving us perspective on our activities. We want more people to provide feedback, and we also want to work with business users. As a general rule, we want to strengthen discussions with other structures (Les Assises de la Sécurité, Cesin, CDSE, Amrae, AFCDP, etc.) and continue participating in the work of institutions (Anssi, Ministry of the Interior, CNIL, etc.). The more information circulates, concerns are exchanged and feedback is shared among us (associations) and institutions, the more we’ll be able to change mentalities, the way security is lived, experienced and perceived. We’re also going to launch new working groups. They represent the heart of our activities, and their deliverables are always highly anticipated. With this in mind, we’re also preparing a cyber crisis exercise for SMEs. It will be an opportunity to demonstrate Clusif-Clusir synergies, because the Aquitaine Clusir will be working with us on it. And one of our initiatives for 2017 is a conference with an innovative format. CISOs will discuss their ISS expectations together, and share their concerns on cyber security and regulations. Then, the offerors (regardless of their profile) will respond, together, to these demands. They will have to be creative, imaginative and suggest a new direction. I’ll conclude by paraphrasing the leitmotiv of the French chapter of an old association that unfortunately no longer exists (Decus) and for which the spirit of discussion was also a value: “That which the market does not provide, Clusif must!”