Governance & Risk Management , IT Risk Management , Video

Steps to Build a Good Operational Framework

CISO Angel Redoble on Focusing on Attack Entry Points, Zero Trust
Angel Redoble, group CISO, PLDT Group

While most organizations carry out risk assessments and cybersecurity audits, security practitioners need to go beyond these manual processes to ensure proper protection from attackers, according to Angel Redoble, group CISO, PLDT Group.

See Also: Safeguarding against GenAI Cyberthreats with Zero Trust

"Cybersecurity operations is a different animal. It cannot be manualized. And that is why I advocate on creating a good operational framework," Redoble said.

When Redoble joined the company, he quickly realized that the existing environment was complex and would have taken a year or more to completely understand. Instead, he focused on identifying all of the potential attack entry points.

"I first determined the number of attack entry points we have," he said. "The next question I asked was: What security controls do we have currently, and what are the attacks or attack techniques that can be launched against every attack entry point? And with that, in just a matter of a few months, we were able to fortify our defenses against cyberattacks."

In this video interview with Information Security Media Group, Redoble also discusses:

  • How to create a good operational framework;
  • How a zero trust strategy helps in designing the best operational framework;
  • Why the theoretical approach doesn't always work.

Redoble, a first vice president responsible for cybersecurity at PLDT Group, Smart Communications and ePLDT Group, is a member and former vice chairman of the National Advisory Group for Police Transformation and Development. He is currently chairman and founding president of the Philippine Institute of Cyber Security Professionals and chairman of the MVP Group Cybersecurity Council.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.