- InsightsInsights
- CryptocurrenciesCryptocurrencies
- Stocks
- White Papers
- IndustryIndustry
- GeographyGeography
Azeem Bashir is an accomplished, award-winning CISO/CIO who is widely recognized in the industry for his business-driven approach to technology leadership. With a highly successful background spanning multiple industries including B2B, crypto, Fintech, investment/retail banking, financial services, consulting, energy, utilities, oil & gas, airline, insurance, manufacturing, payments, healthcare, global sporting events, private & public sector, governmental & global corporate sectors, he has demonstrated a versatile skillset and a knack for mastering multifaceted challenges.
Azeem has held a number of executive positions during his career, including group CISO/CIO and Director of IT & Cybersecurity for numerous multinational corporations. He sits on numerous Cyber Councils and Committees throughout the world and is generally regarded as a "Trusted Adviser" in the fields of cyber security, information security, and risk management. Azeem has also worked with High-Net-Worth organizations, international governments, and the technology and private banking industries. He has used his experience to mentor and advise other well-known CIOs and CISOs around the world.
Navigating the Ups and Downs Through Experience
With almost three decades of experience leading Information Technology and Cyber Security, Information Risk Management delivery, and business process change management across multiple sectors, Azeem has a proven track record across EMEAR and APAC Regions. He has managed cyber-attacks on Banking, Oil & Gas, and Critical National Infrastructure and has built Cyber Security & Digital Transformation Programs.
He has obtained numerous industry qualifications across Cyber Security, Risk Management, and Program Management. He is widely recognized by his peers as an industry-leading CISO, a mentor for CISOs, a Global Cyber Security Advisor, Risk Practitioner, Panel/Keynote Speaker, and Non-Executive on Information/Cyber Security & Risk Management.
Azeem has chaired and spoken at many Global Cyber Security Summits and is a member of various Cyber Councils/Committees across EMEAR and APAC Regions. He also serves as a NED and Advisor to various Organizations and Technology platforms.
Progressing Amidst Adversity During the Career Journey
Azeem is currently engaged in a confidential project for one of the world's largest companies. He has developed and secured an eco-system that has faced some of the world's largest DDOS attacks, such as "around 40 million request-per-second (RPS) DDoS," brute force, ransomware, phishing, and various other attacks, including collision-based attacks from the dark and weep web, where parties have hired attackers to take down the system. However, due to confidentiality, Azeem is not able to provide further details until the project becomes public.
After building everything from scratch, Azeem was asked by the board to implement the highest level of security to protect the eco-system, which was built with security and privacy from the ground up. He implemented a system called "ONIONS," consisting of multiple layers of controls adopting a "ZERO Trust Framework" across the eco-system, to ensure Military-Grade security and response services were in place.
Mastering the Role of an Effective Technology Leader
Azeem is motivated by his team and the online forum, constantly considering possibilities to improve his team, the online forum, and his professional associates. He worked with many people over the past three decades, and he still keeps close friends with all of them. Azeem discusses problems and offers assistance where he can, including making introductions to other employees. He also understands the importance of workforce development and believes he would be nothing without his team. Azeem has gained knowledge from previous experiences that a security leader's performance depends on the capacity to facilitate the business plan and risks as well as their thorough awareness of the company's operations.
The issue of Cyber Security often arises in organizations when the person responsible for it has a reporting structure too far down the food chain, sometimes even reporting to the CIO. Such a person may not have a board-level of experience in engaging with key stakeholders and shareholders. Additionally, they may focus on presenting doom and gloom scenarios to the board, emphasizing the need for more resources and highlighting potential risks to the business, rather than quantifying the business strategic direction and providing real-term benefit realization mapping.
To transform an organization, the board needs to be driven to understand the need for a fit-for-purpose CISO with a direct reporting line to the CEO. Such a CISO should be given ample time to discuss the issues and the organization should be agile enough to adapt quickly to change, as regulatory and technological change demands the use of the latest digital technologies. This transformation also requires an understanding of the evolving cyber threats and the focus should be on Threat Intelligence (qualified) and how to respond to threats quickly and efficiently.
Promoting Cybersecurity Awareness for Employees
Azeem claims that every business gets exposed to cyber security risks from attackers of all sizes and shapes, including big and small governmental organizations, wealthy professional cybercriminals, dorm room hackers, and user error, which is still one of the most frequent reasons for data breaches. This includes clicking on a malicious link in an email.
Azeem has noticed that the rise of ransomware attacks on companies is due to a focus on Tick box compliance, without real experts leading them. Governments and regulators are aware of some of the risks and are constantly raising the regulatory bar. He believes that if Cyber Security is done correctly, it can instil confidence and enable companies to embrace new opportunities. On the other hand, the costs of getting it wrong can be significant, including fines, disruption, and reputational damage. Azeem emphasizes the importance of collaborating with all areas of the business to put in place robust strategies, implement organizational transformation initiatives, enhance cyber defences, and establish cyber response capabilities. He takes full ownership and responsibility for the implementation and building of these measures, rather than merely advising and walking away.
Azeem has always prioritized collaboration with all business areas to establish strong strategies, organizational transformation initiatives, cyber defences, and cyber response capabilities. He takes full ownership and responsibility for implementing and building these measures, rather than simply advising and walking away. Azeem's six-point strategic focus includes predicting, preventing, protecting, detecting, responding, and recovering from cyber-attacks. He has observed that the CIO\CISO often rely on a framework based on tick box compliance, driven by consultants who lack first-hand experience in handling cyber-attacks. In contrast, Azeem's approach is based on three decades of experience managing some of the most significant cyber-attacks while simultaneously growing business revenue and achieving strategic growth, for some of the worlds largest brands.
Streamlining Operations with Emerging Technologies
In discussing the impact of disruptive technologies, Azeem highlights the significance of AI, automation, IoT, and big data in revolutionizing the way humans and machines interact. The integration of these technologies enables digital transformation, reduces costs, and improves processes across all business functions. However, Azeem also acknowledges the challenges involved in effectively utilizing these technologies and emphasizes the need for a holistic approach to their implementation. To successfully leverage automation, businesses must bring together the necessary skills and expertise to design and deliver solutions that meet their unique needs, whether that be through data-driven, low-code or bespoke coding applications.
Strategic Planning for the Future
Azeem claims there is concern that the advances in technology and security monitoring may lead to a loss of freedom under the guise of safety and security, potentially resulting in a shift towards a military state. It is also suggested that there is a need to focus on various sectors such as crypto, finance, payments, wealth, energy, utilities, oil and gas, and airlines. To effectively address these issues, five key areas require attention: skilled resources, competent leaders, retention of good staff, board level buy-in to cyber risk and business enablement, and intelligence-led risk management and response services. Additionally, it is noted that there is an increasing need for good cyber professionals and that investing in skilled resources can ultimately save costs in the long run.
Advice for Aspiring CISOs and Cybersecurity Executives
Azeem advises aspiring CISOs and CIOs to seek out a mentor who has experience in multiple organizational sectors, understands the landscape, and has dealt with large cyber-attacks. He also warns of certain red flags to watch out for, such as a lack of focus on business development and risk, or a lack of experience building, transforming, and managing strategy within an organization for more than two/three years. Additionally, Azeem emphasizes the importance of staff development, as a strong team is critical to success in the field. He notes that the role of a CISO is constantly evolving, and that it is not a job to be pursued for fame or glory, as the CISO is often only noticed when things go wrong, at which point they are expected to fix the problem quickly.
Quote: "Don't worry about what other people think of you, be the best you, pursue excellence, and success will follow"
Management: Azeem Bashir, Group Chief Information Officer & Chief Information Security Officer – CIO\CISO – Global Chair – Cyber Committee Member for EMEA & Asia-PAC, Cyber Evangelist, International Speaker, CIO\CISO Mentor, NED, Board Advisor, Governmental Advisor
