2023 #CISOPredicts: Justin Dolly, Chief Security Officer & CIO, Sauce Labs
Members of Silicon Valley CISO Investments (SVCI) offer their take on the challenges and trends that will shape 2023.
As Chief Information Security Officers (CISOs) across industries including tech, insurance, and retail, we have the benefit of sharing (and comparing) our perspectives on a variety of hot-button issues. As members of Silicon Valley CISO Investments (SVCI), we also get a front seat to the most recent cybersecurity innovations by advising and investing in the next generation of startups—and using our decades of expertise to help them thrive.
From where we sit in the C-suite, here’s our take on the trends and challenges that will shape 2023:
Justin Dolly Chief Security Officer & CIO, Sauce Labs
Privacy in the U.S.: Will we finally care about it in 2023?
In recent years in the United States, we’ve flirted with the idea of privacy but have perennially backed away from it.
The 4th amendment of the U.S. Constitution protects against unreasonable searches. However, that puts us in the position where we have to argue as to the definition of the word “reasonable” … I know, that’s a dream for some legal scholars but a nightmare for the rest of us. So, there is no specific “right to privacy” in the constitution but yet there are many that are running for elected office that say they will protect your information in return for your vote.
Earlier this year during the congressional testimony of long-time security leader and recent whistleblower, Peiter Zatko (Mudge to his friends), many members of Congress made strong statements about how the public’s information was being handled—this signaled that they were unhappy with how our information is being used or misused, depending on your point of view. Over time, we shall see whether these overtures toward privacy legislation bear fruit.
In Europe, they have legislated for privacy protections—yet the major challenges have always been in the implementation of the laws. As written, these laws are sometimes hard to understand and are definitely difficult to implement. The restrictions are specific to the data of EU citizens and therefore lead to inconsistency in any effort to wrap protections around the entire data set (i.e., the entire set of sensitive data of all customers). A couple of weeks ago, I was traveling in Europe to find that the Internet has become un-surfable. I found myself drowning in warnings, notices, disclosures, and “go to this third-party site to manage your cookie preferences” messages. The Europeans must be congratulated for being the first through the wall, and they have the scratches and bruises to show for it … will the U.S. be next through the wall? Can we improve upon what they have put in place? I feel we can, and we should. Dare I say, we must?
So, will 2023 be the year when we finally break through and place value on personal information and how it may be used, with or without our consent? I certainly hope so.
Keep following to read additional takes on 2023 by SVCI CISOs!