John Petrie is the Councillor to the CISO for NTT. It’s a role that comes with a particular challenge over the next few years. NTT is in the process of merging all of its operating companies into a single entity. It started that project with NTT Ltd, which brought 29 companies together. During the process, however, the business acquired three more companies.
Petrie now has a new task that some might see as impossible. He said: “My primary job is the harmonisation of all of NTT security solutions across the entire set of companies. When I say companies, I mean 900 companies and that is a huge challenge, to co-ordinate, navigate politics, navigate solution sets.”
Those 900 companies represent a group revenue of more than $110.87 billion. It is arguably the most significant and most sophisticated digital transformation in business history. It is, in itself, a mammoth task, one that perhaps even Don Quixote would have baulked at. For Petrie, the critical element is ensuring that all the security elements, tooling, processes and, importantly, culture are appropriately aligned.
To create a baseline, Petrie has decided to standardise on NIST. He says: “So our common language to talk about security controls, governance standards is NIST CSF, and on the risk side, the RMF.” But implementing this across so many companies of different sizes is complex. Petrie commented: “The challenge in 900 companies is that one size doesn’t fit all. And what I mean by that is that a small company that doesn’t have the security professionals or the budget or the solutions already in play are going to have a difficult time.”
To hear more of what Petrie had to say, listen to the podcast.
Where can I get it?
obtain it for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there