In this episode of CHATTINN CYBER, Marc Schein interviews James Kim, the Vice President and Director of Cybersecurity Strategies and Programs at City National Bank in Florida, about the roles and responsibilities of a cybersecurity professional, leveling up into a CISO (Chief Information Security Officer) role, and managing cybersecurity risks in an organization.
James begins by discussing his path to his current position, attributing his success to luck, ambition, and grit. He started as a help desk technician at a bank and worked his way up over the years, focusing on risk management and developing business acumen. He realized that there was a gap between the technical aspects of cybersecurity and business, which led him to focus on improving the relationship between the two areas. He believes that this focus on developing relationships and maintaining partnerships is critical to his role and cybersecurity more broadly.
James’s day-to-day responsibilities involve incident reviews, working with governance, risk and compliance teams, reviewing policies and controls, managing projects, and tracking various initiatives. He enjoys the variety of tasks and the opportunity to work across the entire spectrum of cybersecurity, including governance, risk and compliance, security architecture, identity and access management, and business continuity and vendor risk management.
James discusses the future of the CISO role and where he sees himself in five years. He believes that the CISO role will continue to expand in prominence, with more emphasis on managing cybersecurity risks for the organization.
He concludes the conversation by advising young professionals interested in cybersecurity to know the many different aspects of the field, including governance, risk and compliance programs, cybersecurity auditing, and security engineering and analysis. He also stresses the importance of work-life balance, given the challenging and stressful nature of the work.
“We all have similar responsibilities around maintaining a robust information security or cybersecurity program, ensuring that we have proper processes, procedures in place to report incidents; and at the end of the day, having the appropriate safeguards in place to protect client information or patient information.”
“If you’ve been kind of following along with current events, I feel that within the next five years, the CISO role will continue to expand and gain more prevalence with management and the board.”
[00:50] How did James get into cybersecurity?
[02:38] James’s day-to-day responsibilities as a security operations manager.
[04:04] Working across the entire spectrum of cybersecurity.
[06:06] Where do you see the Ceo role in five years?
[08:07] How to promote awareness internally and externally within the organization.
[10:13] Advice for young professionals trying to enter cybersecurity.
[12:14] Challenges in the future of cybersecurity.
Connect with James: