On July 12, the ISACA DAY event took place, organized by the ISACA Bogotá Chapter. The event featured several presentations delivered by international speakers, industry companies, and various sponsors, all centered around the main theme: “Understanding Cyber Risk.” It brought together specialists in governance, auditing, control, assurance, security, and risk management within the field of information technologies.
The event was held in Bogotá with the sponsorship of DragonJAR, BSecure, Manage Engine, Digisoc, Assertiva, Skyhigh, and VLATAM. Each sponsor had a booth to showcase their services and highlight their role within the cybersecurity industry.
The event began with the presentation “Implementation of Mesh Architecture” delivered by Alexis Villagra, CISO of VLatam. He explained how his company has implemented a cybersecurity mesh architecture that enables the organization to manage cyber risks by deploying technologies that provide integration, automation, and orchestration capabilities. This approach allows the implementation of adaptive policies that support dynamic policy adjustments, business‑driven adaptability, and greater flexibility and agility in managing information security risks.
He also highlighted the main trends in cybersecurity, which include:
▪️Expansion of the attack surface
▪️Identity system defense
▪️Digital supply chain risk
▪️Vendor consolidation
▪️Cybersecurity mesh
▪️Distributed decision‑making
▪️Going beyond awareness
Next, we heard from Liliana Méndez and Nahuel Pérez from Assertiva Risk Management, who delivered their presentation “Integrated Risk Management from a Cybersecurity Perspective.” They shared a successful case study on comprehensive risk management and discussed the challenges CISOs face when managing cyber risks. They also highlighted the advantages of implementing an Integrated Risk Management (IRM) tool, such as defining and reinforcing risk ownership through accountability, establishing cross‑business lines to foster collaboration, consolidating data to enable risk and opportunity analysis and visibility, and finally, automating processes to improve efficiency.
We then listened to Nataly Tabares with her talk “Scotia Tech – CISO Challenges,” where she outlined the key requirements, challenges, and skills a strong CISO must possess to remain competitive in the job market. She emphasized that CISOs should have communication skills, a commitment to continuous learning, resilience, decision‑making capabilities, the ability to build strategic relationships, priority‑setting skills, executive management abilities, and, ultimately, the mindset of being a business enabler rather than merely a standards enforcer.
After that, we had the opportunity to hear from Dr. Jeimy Cano in his presentation titled “Board Maturity in Cyber Risk Governance.” He presented a case study conducted in Colombia, where he interviewed members of senior management across various companies to understand the challenges faced by boards of directors. Based on this research, he developed a maturity model for boards within cyber risk governance, enabling them to understand and manage cyber risks effectively. This framework defines five sequential activities that facilitate board participation and guide their actions when facing risk scenarios:
Pablo García from Colombia and Pablo Prieto, Director of Digital Business at TIVIT Latam in Chile, held a discussion on Auditing and Artificial Intelligence, where they addressed the challenges the industry faces regarding new artificial intelligence (AI) technologies. They spoke about its current importance and the various applications it offers.
After the lunch break and the raffle of courses with ISACA, the sponsor DragonJAR gave its presentation. In his talk “ChatGPT for CISOs,” Jaime Andrés Restrepo discussed how security leaders must identify the cybersecurity risks that the use of these artificial intelligence tools poses to organizations. At the same time, he highlighted how these tools can also be leveraged as resources that provide valuable support to security operations.
Likewise, Diego Montenegro, representing Cybersecurity Manage Engine LATAM, presented “The Advantages of Using CIEM Threat Intelligence: Gaining Visibility and Control in the Cloud.” He explained CIEM (Cloud Infrastructure Entitlement Management) as a solution that manages rights and permissions across cloud services—whether in multi‑cloud, hybrid cloud, or dynamic cloud environments. Diego discussed cyber risks and how these risks can be mitigated through the application of CIEM to analyze and detect potential threats or privilege abuses with the help of Artificial Intelligence and Machine Learning. He highlighted the benefits and advantages of implementing a tool of this kind.
The Cybersecurity Forum 2023 was then held, bringing together all the speakers mentioned earlier. They debated, from their respective fields, the main risks and challenges related to cybersecurity, the key obstacles associated with implementing artificial intelligence technologies, and how security professionals must prepare to face new challenges in the industry.
In conclusion, as a common strategy and skill in cybersecurity risk management, we can highlight the ability of information security leaders to build relationships across the organization. This enables them to understand business processes and daily activities, and to facilitate the implementation of security strategies with key resources and areas within the organization, such as senior management, business process leaders, the board of directors, and support process leaders, among others.
One of the main challenges for an organization and its security leaders is helping senior management understand what cybersecurity risks are and how they can be managed. To address this, several strategies have been defined, such as methodological models, integrated risk management tools, and security event management tools, which prepare organizations to minimize the impact when cybersecurity risks materialize.