Why the Exciting Rise of AI is Causing Sleepless Nights for CISOs

CSO Michael Poezyn says the explosion of AI, while transformative, is a cause of concern for CISOs

With more than 20 years of experience in cybersecurity, Michael Poezyn’s passion and wealth of experience has made him a valued and well-respected member of the gaming software solution provider’s leadership team and a trusted consultant within his field.

“I have always been intrigued with the art of cybersecurity and all the different facets that it encompasses,” he says.

“Cybersecurity is a lifestyle and I often find myself reading about and researching the latest information in this field in my personal time. 

“A blessing and a curse of being involved in cybersecurity is that it is ever evolving. As much as it often keeps you on your toes, you do often feel like you’re playing catch up.”

“You can never be bored in your profession, as you are continually learning and pushing yourself.”

New Problems, Old Problems

When it comes to the cybersecurity challenges Poezyn concerns himself with, the age-old issues of Ransomware, Insider Threats, DDoS attacks remain top of mind. However, as we have seen in 2023, the explosion of AI and the pace at which this sector is growing and becoming freely available, is a massive concern.

“We have seen in the news that companies are having to block AI tools like ChatGPT, as with the increased use of these tools, the proliferation of IP distribution is large. Such an example is the stance Samsung had to take due to employees freely distributing company IP via the tool,” Poezyn says.

“With the fear of many companies not wanting to be left behind due to this AI revolution, we are seeing many companies pushing the use of all AI tools, but unfortunately the cyber security controls, or protections, are just not there yet.

“Additionally, like with anything in society, as much as tools are being used for good, we have those that try and use AI nefariously and there are more and more stories of researchers developing malware tools using AI which can bypass EDR controls. I recently read that there is a dark web AI bot called DarkBert that is being developed and used, for example. For me, the lack of visibility and control around AI tools will have a big impact on cybersecurity” he says.

Culture of Security

As the technology landscape continues to change, Poezyn and his teams are constantly evaluating and investing in new security solutions that can help to protect his organisation from a variety of threats.

“Security is owned by all employees, developers, and engineers. Building a culture where the security of the organisation does not rest only with the cybersecurity team is really important. It is a team sport and needs to be owned by all employees and product owners,” he says

Poezyn also thinks it’s paramount to have the right level of visibility from logs and monitoring.

“Ensuring that I have the right level and coverage of log monitoring is key to succeeding in my role. Visibility is key in identifying issues and making decisions” he says.

The cybersecurity leader is also committed to training his employees on how to identify and avoid cyber threats. “I believe that employees are often the weakest link in an organisation’s security posture, and that training can help to mitigate this risk” he says.

Driving a culture of visibility within the teams has been one of his biggest successes in recent years.

“If we can’t see it, we can’t use it!” he says. “Logging, and how you use these logs, are critical to any cybersecurity program. I believe that one of the successes we have seen over the year is the increased coverage of visibility and the ability to use our logs more effectively in understanding the security posture of our organization.”

Poezyn will be delivering a presentation on “Strengthening your Zero Trust Security Model” at CISO Brisbane 2023. This is an important topic that Poezyn says is no longer an option for organisations.

“Knowing the systems people are coming from are managed and the user is the authenticated user, is critical,” he says. “Identity is the new company perimeter.”

“This raises not only the importance of MFA but the entire zero trust landscape.”

Outside of work, Poezyn is married, with two teenage children. He recently moved to the Gold Coast of Australia, from South Africa.

“I love spending time with my family and enjoy destressing by playing touch rugby, mountain biking, or spending a few hours a week wakeboarding. I wouldn’t say that I am a connoisseur, but I do like a good whiskey, or glass of red wine, at the end of a week,” he says.

Michael Poezyn will be speaking at CISO Brisbane 2023, taking place on 29 and 30 August at the Hilton Hotel. Check out the speaker lineup and register to attend by clicking this link.