Bring two CISOs on the same table, and the guess what they’ll talk about. They will, most likely, start
talking about integration of Information Technology (IT) with Operational Technology (OT). One can well understand
why that is. Today, CISOs play an essential role in balancing the two, while also bridging the gap between technology,
and the business side of things.
In a conversation with Vishal Salvi, CISO, Infosys, Thomas Leen, CISO, BHP, talks about how IT and OT within the
same organization operate very differently. “The IT/OT problem is actually a culture problem. And as much as
it is a technical challenge as well,” Leen points out.
According to Leen, one of the differences is language, and the other issue is the difference in pace. “You really
have a two-speed environment,” says Leen talking about the IT environment where changes happen fast, while in
the OT environment changes take time. He also notes that the integration aspect is really about bringing together
these two teams that have two distinct skill sets, and two distinct best practices.
"That's the key when it comes to IT and OT, from a security person standpoint: Understanding the difference between
the two and making sure that you get the actual outcome that is intended by liberating both environments," says
Leen.
Not only on the technology front, but the CISOs play an essential role in bringing technology and business on the
same page, notes Leen, who calls the CISO’s role a dual hatted one. He considers language not only an important
aspect for IT/OT integration where it is essential to understand the risk associated with technology, but also
to be able to speak to the board and tell a story on what would impact business ambitions.
"For the right audience, if you want to talk to a group of IT people, you need to be able to talk that language that
they understand. (In) the same way, you go to a board, you want to talk to them about what matters to the board, and
how the work that you're doing is protecting that outcome," says Leen.