Chuck Schauber, CPO at Black Kite, talks about the future of cybersecurity assessments in this CIO Influence interview:
_____________
Hi Chuck, take us through your role at Black Kite and your latest observations from the world of cybersecurity.
I’m the Chief Product Officer at Black Kite and I primarily focus on delivering our mission to improve the health and safety of the entire planet’s cyber ecosystem. Our focus on third-party risk gives us the perspective to view cyber security as a team sport. It’s called a supply chain for a reason, because each customer is someone else’s vendor and everyone in the chain has a vested interest in the supply chain’s ability to maintain a resilient security posture.
How are AI-powered cyber security assessments changing the scope of processes and work for modern security teams? Take us through the top benefits and highlights of Black Kite’s AI-powered assessment tool and how it helps improve security assessments.
The problem with cyber security assessments today is that they have fundamentally been questionnaire-first manual processes. This manual process is long and frustrating, requiring all sorts of back and forth and long waiting periods. This has forced TPRM teams to be very selective on which vendors they assess and also led to very infrequent re-assessments. There are gaps in detecting TPRM risk because of this process. But while it’s easy to dislike the questionnaire, the market had nothing to replace it with and TPRM teams were simply stuck.
Black Kite Cyber Assessments re-pivots the process from questionnaire-first to questionnaire by exception. It starts with performing a document collection at the first step. This step is largely aided by the emergence of trust centers, which Black Kite also provides links to, and the increased mindset around risk transparency that many vendors have adopted. Collecting information in this way also has the benefit that most of the documentation comes directly from internal security teams of these vendors, which raises the level of confidence in the information. Next, the TPRM team will select which assessment criteria to assess this vendor against, from a selection of global standards or their own custom assessment framework, and feed all of the collected documentation into an AI engine. The AI engine will match all of the information in the document to the assessment criteria and provide results and evidence from the documentation. Within minutes all of the documentation is parsed and results are compiled.
If you compare the documentation reading process alone, you are taking a process which used to take a day and doing it in minutes. However, it’s more impactful to compare the questionnaire process. Oftentimes a questionnaire-first process would consist of a questionnaire being sent and the TPRM analyst waiting weeks for any response. So for weeks, the assessment is nearly 0% complete, whereas with a documentation-first process the TPRM analyst can expect to get to 50%-80% complete within hours.
Black Kite’s Cyber Assessments doesn’t stop there. Our AI engine also maps any standard or custom assessment criteria to Black Kite’s technical findings. This draws the correlation between the business requirements directly to specific vulnerabilities that have impact on those finds. Customers can share and track those findings directly within the assessment, which aids in tracking assessment remediations.
How should today’s CISOs and business leaders train security teams to empower themselves better with AI-powered processes and tools?
The key hurdle that security and risk teams must work to overcome is trust in AI. This is a process that can only be achieved with time and relationship building with this new toolset. Our customers who have used cyber assessments have seen orders of magnitude improvement on time spent performing an assessment and have started to evolve their work streams around these capabilities. This is only the beginning for TPRM. Advancements in AI will be the primary method that will enable customers to monitor and assess their entire supply chain, which only months ago didn’t seem possible.
Black Kite is redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker’s perspective.
Chuck Schauber is CPO at Black Kite.

