Leveraging over two decades of industry experience, Riccardo has worked with tech giants including Microsoft, Cisco, and their partner networks. In his current role of Enterprise Security Architect, he helps Euroclear with the redesign of IT cyber-risk management.
As organisations bid to optimise protection strategies, Riccardo comes to PrivSec Brussels to explain how data protection teams and security teams can improve collaboration and efficiency.
We spoke with Riccardo to discuss this crucial topic and to learn more about his professional journey.
Could you outline your career pathway so far?
During my 18 years at Cisco I went from being a team lead and technical lead, into solution architecture, and eventually became a major global incident manager covering the complete portfolio of Cisco’s products with a focus on security.
I’ve assisted large enterprise customers since 2019 in a freelance capacity, mostly working on network segmentation, infrastructure, securisation and integration at the European Commission. I moved on from there to become enterprise security architect at Euroclear.
My domain is governance, risk and controls. I’m building a platform for compliance purposes on the entire operation of the CISO department. I’m also re-architecting the entire approach when it comes to cyber risk and associated activities and IT risks and controls.
What are the primary hurdles to overcome for data protection and security teams to work together more efficiently?
I think that one of the main challenges is that – whether we’re following waterfall, agile, or an operating model that falls somewhere in between – we still tend to create silos by using the so-called Conway’s law. This law basically dictates that an organisation’s culture will manifest itself in its operating model (how things get done).
Breaking down these silo barriers would eventually work to everyone’s benefit; it’s been a focus point all through last year at Euroclear, and helps us ensure that data is processed in line with the needs of both the data protection and the cybersecurity teams.
By breaking down silos and through data clean-up, information can be accessed in ways that make it a lot easier for people involved to do their work properly.
Are there structural changes that organisations can make to facilitate collaboration between data protection and security teams?
Poor collaboration between data protection and security teams is typically due to cultural problems. However, there are also technical factors. For example, many teams rely on different tools, instruments and ways of working, meaning they are bound to forge divergent paths.
However, if you have underlying technology that is shared by all teams, then activity can be grouped together. So, you need to remove all silos prior to working to ensure that the right information is shared among the right people and teams. Collect some overarching KPIs and OKRs to make sure everyone is working towards the same goal.
Finally, be able to track all activities carried out by the different parties within a department. One of the things I’m currently leading on is a tool that is based on a datalake. It basically involved collecting all the information from the entire CISO department, and eventually providing a shared view in terms of performance challenges and compliance.
What hurdles lie ahead to long-term workflow efficiency between these two teams?
Big challenges are ahead, particularly due to a lack of consolidation with the market. But maybe we can use the current downturn we are in. We’re dealing with tools that need to work together and this presents a big visibility challenge across the entire enterprise.
Information exchanges take place as workflows play out, and it’s easy for people in different teams to be unaware of what’s going on in other teams within an organisation. The exchange of information has to be prioritised to offset the likelihood of such a situation.
Don’t miss Riccardo Bua at PrivSec Brussels in his session: “Breaking Down Barriers: How Data Protection and Security Teams Can Work Together”.
→ Session: “Breaking Down Barriers: How Data Protection and Security Teams Can Work Together”.
→ Time: 13:25-14:10 CEST
→ Date: Thursday 29 September 2022
→ Venue: Brussels Expo, Pl. de Belgique 1, 1020 Bruxelles
Sponsored by OneTrust, PrivSec Brussels is part of the Digital Trust Europe Series. The event brings together thought leaders and subject matter experts for a deep-dive into the issues defining the Data Protection, Privacy and Security sphere today.
PrivSec Brussels will feature panel debates and presentations on topics including: Trust & Transparency; International Data Transfers; and Data Ethics.
PrivSec Brussels is also available on-demand for global viewing.