How Maxis’s cybersecurity team enable the Malaysian telco’s digital business

Cybersecurity head Lee Han Ther outlines the transition of the security team from being a “show-stopper to an enabler”, documenting the benefits of acknowledging wider business objectives to drive mutual gains.

lee han ther   maxis
Maxis

The Phoenix Project, an IT novel by devops expert Gene Kim, is a cautionary tale for Lee Han Ther on how to be—and not be—a CISO. The novel emphasises the heightened importance of CISOs adopting a more flexible posture in ensuring that security is supporting and protecting—not frustrating and thwarting—business strategy.

Lee is head of cybersecurity architecture and strategy at Maxis, a major telecommunications provider in Malaysia. He observes that the novel’s fictional CISO (John Pesche) “evolved from being a show-stopper to an enabler to the business and a partner to the technology team”. Lee notes that Pesche may be a fictional character, but too many real-life CISOs share his flawed approach to managing security.

“I would measure success in security in a form of trust and value you have gained from your stakeholders and peers,” Lee says. For Lee, that means aligning to the bigger picture, which requires holistic thinking. CISOs of course should think through the metrics required to effectively measure security investment levels, and CISOs should be able to focus on their own and their team’s technical skills.

But those skills are table stakes today, Lee says. More is needed to support and protect the business strategy. “IT security executives must now be inquisitive, collaborative, and gritty. The cybersecurity space is evolving very rapidly both from a threat and technology controls angle, meaning successful modern-day IT security executives need to be curious and dive deep, rather than have a surface-level understanding,” Lee says.

In managing multiple stakeholders—such as internal colleagues, business users, and regulatory and audit third parties—Lee stresses the importance of CISOs cutting through the technical hype to identify common business objectives, working in collaboration with the wider organisation to achieve cybersecurity goals.

To continue reading this article register now

Microsoft's very bad year for security: A timeline