Aboitiz Equity Ventures’ (AEV) Chief Information Security Officer (CISO) Charmaine Valmonte is already among the top leaders in the field of cybersecurity in the Philippines. Recently, she was awarded ‘Top Women in Security ASEAN Region – Security Trainer and Educator’ by Women in Security and Resilience Alliance (WISECRA), the global organization that promotes women in the security technology industry. The title carries more weight, which is not lost on Charm.
“This is a very special award because it confirms what we set out to do back in 2011 when I retired from the military — to build and develop our future leaders here in the Philippines. We don’t need to rely on foreign talent for Cyber, we have it! We just need to build the capabilities,” she emphasized.
The frequency of Cybersecurity Alert emails in the Group continues to grow illustrate how much more aggressive and relentless cyber threat actors are becoming with every high-profile massive data breach making headlines. The World Economic Forum’s Global Risks Report 2022 reiterates that within the ongoing COVID-19 pandemic, “malware and ransomware attacks increased by 358% and 435%…outpacing societies’ ability to effectively prevent or respond to them.” The Aboitiz Group considers cybersecurity risk as one of the top risks of the company and maintains a singular focus on strengthening governance over security standards. Aboitiz Eyes asked Charm to share her thoughts on this matter and its significance in the company’s Great Transformation.
As Aboitiz moves towards becoming the Philippines’ first techglomerate, how important will a deeper understanding and commitment to cybersecurity be in achieving that goal?
We want to build cyber warriors, this is the vision. We do this through giving back where we can. Learning and sharing knowledge to our team members allows us to build the base in building the human firewall. A vigilant team member can ideate, build, develop and innovate securely from the start. Where we bake in a security vice, bolting it on at the end of a product or service. This is similar to building a good foundation for a home where if we ensure that we have a good base, enough foundation we can build several floors above it. The deeper the foundation the higher and stronger your building will be. This is the same concept for building the cybersecurity capability in our team members. Once trained, we need to continue the journey to ensure that our internal mechanisms and activities include security in mind. A part of our team member’s DNA, where being secure, vigilant and risk averse is part of one’s mindset.
Our Chief Engagement Officer, Sabin states “feedback is a gift”. As much as we have learned through the years, build experience in the field. We continue to learn daily, improve our strategies because of the cybersecurity professionals serving with us. Feedback gained from our fellow professionals continues to expand our knowledge base and these allow us to innovate further.
How can we build and develop talent? We start with building the community through a variety of methods. We learned that we need “Design Think” training. There are many ways to get this training for everyone:
1. Continued Professional Education
These are geared toward those who are already in the field or those who have interest in Cybersecurity. There are many schools of thought with regards to certifications. A balanced mix of experience, credentials through certification and the application of the same creates value to the organization and the community.
2. Academe
Cybersecurity and Data Privacy are now available in Colleges and Universities, this is a welcome development. As a contribution to the community, as luck or faith would have it, the certification training morphed into creating a cybersecurity curriculum for a local college. I am proud to say that we graduated the first batch of students with a Bachelor’s Degree in Cyber & Information Security in the last 4 years.
3. Women in Security
(ISC)² took a new approach to surveying the cybersecurity workforce, including those IT professionals who spend at least a quarter of their time on security tasks. This new look at the workforce revealed that the percentage of women in cybersecurity is roughly 24%. While men continue to outnumber women in cybersecurity and pay disparity still exists, women in the field are buoyed by higher levels of education, and are finding their way to leadership positions in higher numbers. (Source: https://www.isc2.org/Research/Women-in-Cybersecurity#)
I am especially proud of what our fellow Women in Security and IT has accomplished to date, voted as ‘Top Women in Security’ (2020) along with 9 other respected leaders in the Philippines. This was sponsored by Women in Security & Resilience Alliance (WISECRA) and WiSAP (Women in Security Alliance Philippines), ISACA Manila Chapter who continue to forge the way for Women in the field. This time voted as ‘Top Women in Security ASEAN Region, Security Trainer & Educator Award’ for 2022.
Supporting and developing talent regardless of Gender is equally important. There is a need to build a network who can continually build, develop and grow talent and skills as the demand continues to grow.
(Read further: Companies are desperate for cybersecurity workers—more than 700K positions need to be filled” Fortune)
What started as certification training, involvement in academe and supporting the cyber, information security and data privacy fora is a continuing journey. We want to train where we can, learn and practice so that we can build the stamina and resilience to innovate and respond where possible.
