
Horizon of Cyber Governance: An Exclusive Conversation with Amanda Siqueira Miguel


Cyber governance has emerged as one of the most essential components of organizational strategies worldwide. 

The policies, procedures, and mechanisms implemented to secure sensitive data, mitigate risk, and comply with international standards and regulations make governance easier.

As cyber challenges have become increasingly complex and interconnected, robust cyber governance is paramount.

Amanda Siqueira Miguel, a seasoned professional with an extensive background in cyber governance, compliance, and risk management, stands out as an expert in this field. 

With a career spanning various high-profile roles and a comprehensive understanding of cybersecurity, she brings a wealth of knowledge. 

Amanda’s journey is marked by her commitment to enhancing security measures, promoting compliance, and creating a safe digital environment for organizations.

Hello, Ms. Miguel. It is incredible to learn about your experience! How do you do?

Q1: You have conducted vulnerability presentations for various audiences. How do you effectively tailor your communication to address technical, business, and executive stakeholders?

Ms. Miguel: Conducting vulnerability presentations for various audiences requires a thoughtful approach to communication. Tailoring your vulnerability presentation to different audiences involves understanding their perspectives and delivering information in a way that resonates with their priorities and concerns.

Q2: How do you think the cyber governance landscape evolved, and what challenges have emerged in this dynamic field?

Ms. Miguel: The cyber governance landscape has evolved with increased awareness, regulatory frameworks, and executive involvement. Challenges include rapid technological advancements, sophisticated cyber threats, nature of threats, compliance fatigue, and the need to balance innovation with security. Continuous adaptation is crucial in this dynamic area.

Q3: How critical do you think is the role of cyber governance in achieving business objectives and ensuring the resilience of organizations?

Ms. Miguel: The role of cyber governance is critical in achieving business objectives and ensuring organizational resilience. Effective cyber governance aligns cybersecurity strategies with business goals, mitigates risks, protects assets, and fosters a resilient business environment amid evolving cyber threats. It’s integral to maintaining trust, safeguarding data, and sustaining operational continuity.

Q4: Is the accountability framework the most robust cyber governance component? How does it contribute to cybersecurity maturity?

Ms. Miguel: While the accountability framework is crucial in cyber governance, it’s one component among many. A robust accountability framework establishes clear responsibilities, but achieving cybersecurity maturity involves a holistic approach. This includes comprehensive risk management, effective policies, continuous monitoring, and employee awareness. The accountability framework contributes, fostering a culture of responsibility, and aligning actions with cybersecurity goals, ultimately enhancing organizational maturity.

Q5: Is it possible for organizations to effectively balance innovation and security within their cyber governance strategies?

Ms. Miguel: Yes, organizations can effectively balance innovation and security within their cyber governance strategies. Achieving this balance requires proactive measures, such as integrating security into the innovation process, fostering a culture of security awareness, and implementing agile and adaptive cybersecurity frameworks. Striking the right balance allows organizations to embrace innovation while safeguarding against evolving cyber threats.

Q6: In your experience, what are the most critical cyber threats and vulnerabilities organizations should be prepared for today?

Ms. Miguel: In my experience, organizations should prioritize preparation for sophisticated threats like ransomware, phishing attacks, supply chain vulnerabilities, and zero-day exploits. Additionally, securing cloud environments, addressing misconfigurations, and staying vigilant against social engineering remain crucial for comprehensive cybersecurity readiness. The threat landscape evolves, so staying updated on emerging risks is essential.

Q7: What’s the importance of cyber governance compliance frameworks like NIST and ISO27001? How could we inform people about the importance of the compliance framework if they are not tech-savvy?

Ms. Miguel: Cyber governance compliance frameworks like NIST and ISO27001 are crucial as they provide global standardized guidelines for effective cybersecurity management. They help organizations establish controls, mitigate risks, and ensure the confidentiality, integrity, and availability of information. Communicating their importance to non-tech-savvy individuals involves highlighting how these frameworks enhance overall organizational security, protect sensitive data, and contribute to maintaining trust with users and stakeholders. Emphasizing the role of compliance in safeguarding personal and business information helps convey the broader significance to a non-technical audience.

Q8: What strategies and best practices do you recommend for managing and mitigating cyber risks, especially in the wake of evolving phishing campaigns leading to ransomware?

Ms. Miguel: Mitigate cyber risks by implementing strategies such as regular employee training on phishing awareness, advanced email filtering solutions, multi-factor authentication, timely software updates, secure data backup and recovery practices, a well-defined incident response plan, network segmentation, the principle of least privilege access, threat intelligence sharing, continuous monitoring, legal and regulatory compliance, and user-friendly reporting mechanisms. These practices collectively enhance an organization’s resilience against evolving phishing campaigns leading to ransomware.

Q9: How can an organization establish a proactive incident response plan for its cyber governance strategy? 

Ms. Miguel: Establish a proactive incident response plan by conducting a thorough risk assessment, forming a dedicated incident response team, developing detailed documentation, providing regular training and drills, defining clear communication plans, preparing for forensic analysis, ensuring legal and regulatory compliance, establishing structured incident reporting, implementing continuous improvement processes, and conducting post-incident analysis to refine the plan continually.

Q10: How do you see the future of cyber governance evolving, and what trends should organizations watch out for?

Ms. Miguel:

Organizations should also watch for trends in ransomware mitigation, privacy and data protection, addressing cloud security challenges, enhancing threat intelligence sharing and investing in cybersecurity workforce development.

Q11: What advice would you give aspiring professionals looking to build a cyber governance, risk, and compliance career?

Ms. Miguel: For aspiring professionals in cyber governance, risk, and compliance, focus on gaining a strong foundation in cybersecurity principles, pursue relevant certifications (ISO27001, ISO38500, ISO31000, ISO37301), stay updated on industry trends and regulations, develop communication skills to convey complex concepts to non-technical stakeholders, gain practical experience through internships or projects, and network with industry professionals to build a strong professional network. Continuous learning is key.

Q12: How do you ensure cyber governance initiatives align with an organization’s overarching business strategy and objectives?

Ms. Miguel: Ensure alignment between cyber governance initiatives and business strategy by actively involving cybersecurity leaders in strategic discussions, integrating cybersecurity considerations into decision-making processes, conducting regular risk assessments to identify alignment gaps, and establishing clear communication channels between cybersecurity and business leadership. This ensures that cybersecurity measures support and enhance the execution of the organization’s objectives.

Q13: Could you shed light on the role of education and awareness in cultivating a culture of cybersecurity within organizations?

Ms. Miguel: Education and awareness play a pivotal role in cultivating a cybersecurity culture within organizations. Regular training programs inform employees about cyber threats, best practices, and their role in maintaining security. Increased awareness fosters a proactive security mindset, encouraging individuals to identify and report potential risks, strengthening the organization’s cybersecurity posture.

Q14: How do companies gauge the effectiveness of a cyber governance program, and what key performance indicators (KPIs) do you recommend tracking?

Ms. Miguel: Companies gauge the effectiveness of a cyber governance program through key performance indicators (KPIs) such as: Incident Response Time, Vulnerability Remediation Rate, Employee Training Completion Rates, Phishing Resilience, Compliance Adherence, Patch Management Effectiveness, Security Awareness Metrics, Incident Recovery Time, Risk Reduction, Third-Party Risk Management and Security Controls Effectiveness. By monitoring these KPIs, organizations can assess the maturity and effectiveness of their cyber governance program and make informed decisions to enhance their cybersecurity posture.

Q15: How should organizations balance transparency and accountability with protecting sensitive information in their cyber governance efforts?

Ms. Miguel: Organizations can balance transparency and accountability in cyber governance by adopting a need-to-know approach, sharing information on a need-to-share basis, clearly defining access controls, implementing encryption for sensitive data, and regularly communicating security policies and practices. This ensures transparency regarding cybersecurity efforts while safeguarding sensitive information from unauthorized access.

Q16: What initiatives or projects are you currently working on in cyber governance and compliance, and how do they contribute to the broader field?

Ms. Miguel: I am currently working as a Governance Analyst in IT and IS in a company, on a payment platform development project, and as a teacher on a postgraduate course in the subjects of Governance and Information Systems. Companies can contribute to the broader field of cyber governance and compliance by implementing innovative strategies such as incorporating AI into threat detection, improving supply chain security measures, and developing frameworks that align cybersecurity with business strategies in evolution. These initiatives contribute to the advancement of effective cyber governance practices on a larger scale.

Q17: You’ve been a member of the Women Techmakers community. How has being part of this community influenced your career and perspective on women in technology?

Ms. Miguel: Women Techmakers is a Google program that aims to encourage women to enter the technology field. Participating in this community has been enriching as it offers us networking, mentoring and support, promoting professional growth and positively influencing the perspectives on the presence of women in the area, contributing to diversity and inclusion in the technology sector.

Author: Anas Hasan

Date: November 25, 2023

Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
