PODCAST

Cybersecurity, Leadership & Breaking Barriers

Silvia Ihensekhien

Episode 11 - Season 1

32:52 min

About the Guest

Silvia Ihensekhien
Director of Information Security and Risk Management
Swire Coca-Cola

Silvia is an experienced information security, data privacy and project management executive known for her success in mitigating cyber risks and implementing new technologies.

Recognizing information security and data privacy as a crucial business driver, her expertise encompasses governance, compliance and risk mitigation. As a committed mentor and speaker, she actively volunteers at Hong Kong Polytechnic University and champions diversity through ISACA’s SheLeadTech initiative.

Silvia has earned CIPM, CCISO, CGEIT, CISSP, PMP, ITIL, and MCSE certifications. She was honored with the CSO30 ASEAN Award, the Cyber Security Professional Award, and the Top 50 Women Tech Leaders Award. She is also featured as the 2024 Influencers in the December edition of the International Security Journal (ISJ).




Paul Jackson: Wherever you are in the world. Hello and welcome to THEOS Cybernova podcasts. My name is Paul Jackson, your host. And before we begin, I’ve got a quick favor to ask from you. There’s one simple way that you could support our show, and that’s by hitting the follow or subscribe buttons on the app that you’re listening to the show on right now.

It makes a huge difference in helping to get the show out there to as many people as possible. So please give us a hand and click that button now.

The THEOS Cybernova podcast hosted by Paul Jackson.

Paul Jackson: So here we go with episode ten of THEOS Cybernova podcast. I’m Paul Jackson, and each week I’m digging into the latest trends, challenges and innovations shaping the cyber security landscape. As well as talking to a fantastic mix of leading industry experts, thought leaders, legal eagles and technologists with a particular focus on the Asia-Pacific region.

So whether you’re a professional in the field or simply curious about staying safe in the digital age, we hope THEOS Cybernova will offer up valuable knowledge and actionable insights for everyone. Today, I’m delighted to welcome Silvia Lhensekhien. Have I got that right, Silvia?

Silvia Ihensekhien: Yeah. Yeah. Almost perfect. Almost.

Paul Jackson: Go on. Pronounce your name for us, please.

Silvia Ihensekhien: Ee-hen-seh-kee-en.

Paul Jackson: Okay. I’m not going to try that again. We’ll call you Silvia from now on in the episode, if that’s all right with you. Okay. But, you know, it’s, you know, this is women in cyber month. March. And, it’s a true honor to have you on the show because you are one of the leading lights in the in the world of cyber from a female point of view, because you’ve risen to the dizzy heights of CISO of Swire Coca-Cola.

And I know many in the audience will love to know your career journey and how you got to where you are. So why don’t you start by introducing yourself a little bit and letting us know a bit about your career story?

Silvia Ihensekhien: Okay. Hi everyone. I’m Silvia Ihensekhien and okay, so, why do you think that my Ihensekhien coming out a little bit about myself, right. Of course, it’s my hubby’s last name. So when we got married, I tried not to change my last name because, you know, changing last name is so different. Changing all the documents. So I ask him it’ll take a long time, and then he only give me three words, “Take your time”. So that means I have no choice. And here I am using Silvia Ihensekhien instead of Silvia Lam.

Paul Jackson: Very good. Yeah. How long did it take you to get used to pronouncing it?

Silvia Ihensekhien: First I need to get the spelling right. So this is very embarrassing to start on Sunday. I’ll take me a month or so to really get it in my mind. Yeah, I might be a slow learner.

Paul Jackson: Okay. No, but, I’m definitely a slow learner. But anyway, it’s lovely to have you on the show, Silvia. So, talk to us about your career. I mean, how did you get started in cyber?

Silvia Ihensekhien: Okay, so it is a pretty long story, okay. When I graduated from secondary school, right. So when I go to university first I said, which subjects should I choose first?

So it’s a lot of subject that you don’t have in secondary school. And then I saw how I looked at the subject title. I said, oh, computing studies sounds interesting. And that’s why I choose it, not because it is a more process. It’s just like I’m interested in, I feel. So use my gut, feel like to study computers.

At that time, there was no cybersecurity, it’s not yet at that stage, right? So I start in my computer studies journey and then after I graduate, the first thing is that I become a teacher. I didn’t go out on commercial, become a teacher, and then for about two years, let me just light because I was young at that moment. So I wanted to change a different set of coaching the student who might be taller than me. So that’s why I teach the commercial field, get my certifications and go to the commercial field. And later, what I discover is that I’m the one I like to solve the problem. Bringing the technology and operation together, no matter which business I was on.

So I’ve been to many industry, start ups and then remember startup booms and then a lot of that. I’ve been working on an MNC and the educational field I work on operations mostly, so bringing energy and human together. Then somehow in my last job before I joined Swire Coca Cola, my last job was an e-commerce platform on shipping, so I’d been working there almost 15 years.

Long commitment. It is quite a niche company, small because it’s only offer to ship marine time. So we bring ship owner and ship supplies together. I have the procurement platform, so you might wonder why the company with such a niche market, right, can keep me for 15 years because they offer me a lot of opportunity.

Paul Jackson: I thought. I thought you were going to say they offered you a lot of money, but, (laughter)

Silvia Ihensekhien: That is another discussion, Paul. Opportunities. Right. So I become a project manager because, helping to kind out to make sure that integration work coming. Well, well, and a later, of course, I take care of the customer support, taking more and more responsibility for development, QA. And now, of course, at that time under IT operation, that is a part security, but it is integrate in the IT operations. So it’s very natural that the company do a lot of company do it that way that time. So when the security is starting booming and a you have more and more focus points as an e-commerce platform, we also really need to protect our customers.

And that time the community say, hey, I need to set up a new security team and then they invite me. “Hey! Are you willing to be the head of the security?” Right. Cybersecurity enough? Yeah. So I’m nobody but yeah. So I say yes. And then that’s why I came to the cyber security field. So I always say that, it is not me choosing cybersecurity is cybersecurity choosing me. So after that of course. Right. I been doing improve the security posture and, so I opportunity Swire Coca Cola. So I want to go to a bigger and MNC and also why I choosing Swire Coca Cola is because of at that time. So I could go to have a really wide geo coverage, right?

In my previous company, although it’s you come most worldwide but they don’t cover China. So if I plan to stay in Hong Kong, I need to have a good connection to China. And I think it would be best for me to have a Chinese working experience. So that’s why I chose Swire Coca Cola.

Paul Jackson: Interesting, interesting. But many would say well, manufacturing. Do they really need cyber?

Silvia Ihensekhien: Yeah that’s true. But manufacturing they also are vulnerable to attack because of the manufacturing lines. They use a lot of legacy systems. And then in order for the evolution that is Industry 4.0, that means they become using more and more internet they were using cloud. So it is all, new attack surface to order manufacturing industry.

On top of that, we also have our IT infrastructure. Consider we have a lot of location China, Southeast Asia, Hong Kong, Taiwan, U.S West. So what do you think? How do we connect together? We use of course IT technology and that’s why we are also vulnerable to IT cyber attack. So IT and OT.

Paul Jackson: Right. That’s interesting. So do you see the convergence of the IT and the OT environments is one of your biggest challenges?

Silvia Ihensekhien: It is. It is it is always I think order manufacturing the so in manufacturing business we say the same but it is important to separate it because you don’t want to cross it. To isolate the OT network from the IT.

Paul Jackson: You are isolating it?

Silvia Ihensekhien: I am.

Paul Jackson: It’s interesting because more manufacturing that I talk to they’re actually integrating it for efficiencies etc. You’re still keeping it separate.

Silvia Ihensekhien: Yeah, I’m still keeping it separate. Unless this is a really, really key point that we need to integrate it. But this is something that we might think of later. Maybe our plans become fully automation, right? Have more and more technology happen then we might consider that.

Paul Jackson: That’s really interesting. I would have thought I would have imagined there would be more integration already, but, yeah, that’s it’s certainly going to be a challenge when you go down that path.

Silvia Ihensekhien: We need to be slow down. We don’t need to do anything in a rush.

Paul Jackson: I just approve. I’m here at Coca-Cola’s facilities. I’m just opening a can of your product.

Silvia Ihensekhien: Yeah. Thank you for support.

Paul Jackson: Well, you gave it to me, so. Yeah.

Silvia Ihensekhien: Oh, but you choose Coke Zero.

Paul Jackson: There we go. I’m trying to be healthy. You see, Silvia, Yeah, but yeah. So interesting that you also touched on the physical security side of things. And, that is interesting to me because one of our upcoming guests is actually a physical security head, but where they integrate more between the cyber and the physical world, and he’s going to be telling the story of how that converges. Do you find here that you isolate this? Do you, do you, do you not collaborate so much with the physical security or is there good overlap?

Silvia Ihensekhien: Yeah, I think there is some kind of overlap. Of course, the plant where they have a really good physical security in place because the plant is really important assets for us. So they have strict restrictions for physical security. They have very good in place. And then of course for the office. That’s why we have the physical security also. That’s why we set the governance.

Paul Jackson: Yes. Yeah. And as I said you know it’s an interesting topic for me because you know my law enforcement background. So I have many friends who work in physical security which is a natural progression from law enforcement. But they all tell me that there’s a far better need for them to understand the technology, because a physical security is all about tech nowadays. It’s all, you know, internet connected, etc.

Silvia Ihensekhien: For the physical security, we also emphasize on safety of the employees because of all these mechanical parts. Right?

Paul Jackson: Oh, 100%. Yes. Yeah. I never thought of it that way. But yes, of course, health and safety in the workplace must be a huge issue for you. Interesting. Okay. So let’s talk a little bit about your geographies. Yeah I know that’s a tricky issue here and there. I mean you know, you mean you, we do a lot of conferences right. And we’ve seen each other on panel discussions.

And invariably one of the hot topics is how to deal with entities operating, say in China or in other parts of the region where the laws may differ from, say, Hong Kong or other, and how difficult it is if you not only just China. Let’s talk about that specifically in a moment. But you operate in a number of jurisdictions. How challenging is it for you to keep up with all the changes in laws and regulations, etc.?

Silvia Ihensekhien: It is quite challenging, especially, we have to, keep growing our business. Last year we acquired Thailand and Laos. Oh, so we are growing our Southeast Asian market and then previously Cambodia and Vietnam. So all this new entity. Right just means new jurisdiction take place. And then we need to find a whole common ground to set our framework. So we have a group framework and apply to all the region. And of course all the region can have customized according to their regulations. But our framework is based on the best practice, which is about the same for all of them.

Paul Jackson: So what best practice frameworks to use?

Silvia Ihensekhien: For example, if you’re using, well, data privacy, you say PIA right. Yeah. A it is amongst all of them. So do you do have concerns PIA audits and for cyber security you the security control you need to think of it. So we have defined a number of security control to make sure that the framework. And then of course we are forwarding a standard ISO 27001 needs all this.

Paul Jackson: Right. Okay. Interesting. And are you getting lots that you’ve got to say this of course. But are you getting lots of buy in from your leadership here. You can say yes to this obviously.

Silvia Ihensekhien: Yes. Yes of course, right? Yeah. So a lot of my time. Right. Maybe a lot of audience thinking, CISO spend a lot of time doing the technical thing implement or looking at where the attack is. Of course we do. We do. But a lot of my time is on stakeholder management. You can’t believe it over 70% of my time. It is through the lobbying. Come with a case and make sure that they understanding audits.

Paul Jackson: Yeah. No, I know full well because historically I’ve done board or ExCo briefings to the Swire Group, as you know, down, down the years. And I actually find that the, the level of engagement here is, is actually, amazingly good. This is a lot of interest, of course, as there should be, cybersecurity is a concern from the executive level, but something you just touched on resonates because, a lot of people ask me, you know, CISO, what is their role really?

You know, should it be technical or should it be a, my, my own view is that you’ve got to be a good communicator. You’ve got to be able to translate the technical concepts, the security concepts into business language and language that the business leaders understand. So it’s very interesting that that was the first thing you mentioned about your role.

Silvia Ihensekhien: Yeah, it is it is always, always because the executive leaders are telling us what is the vulnerability is. What what’s the no one understand all this. So you need to talk to their language not leaving you in your own world.

Paul Jackson: Yeah that’s true. Yeah. But on the other hand, you, you know, you obviously need to speak the technical language with your teams.

Silvia Ihensekhien: Yeah. Yeah, that is another. So have two sides right? Yes. Right.

Paul Jackson: Yeah. But I imagine you wrote a very good team here and that to you. Obviously have the right people in the right place.

Silvia Ihensekhien: Yeah. Lucky me. Lucky you. My team is quite, quite good at the moment. And then they. Of course they are, well, doing a lot of different things. And then I’m surprised some of them, they are really honorable and then they pick up things. Right? Right. So lucky me.

Paul Jackson: Yep. Lucky you indeed. And, so let’s go back to China because honestly, that’s a hot topic. And in a future episode, we’re going to be talking more specifically about the China cyber security laws and the complexities, that this entails. But you’re right at the at the frontline of this, because obviously you have significant operations in China and the data transfer laws, the laws around what you can and can’t do around security must be quite baffling for you.

Silvia Ihensekhien: Yeah, it is because, of course, right. China is also one of our biggest region over among all of us, right? In terms of the number of people, definitely. So, in terms of the all this regulation whether CIS or PIPA or this new regulation, we really need to keep tab into the latest trend because they always change. Maybe the first announcement of the law enforcement of the law is not very clear. And later they make some official amendment, hey, there is a draft, others. So that is something that we make it clear and clear. And then we can see that actually the China government is also helping the company to achieve this by making a clear guideline.

Paul Jackson: That’s interesting. Do you attend sessions with the government? The government led sessions to help clarify things for you, or is it just, you know, the stuff that you see alignment.

Silvia Ihensekhien: Oh, we do have some I do have some peer which is very professional in Chinese law, the cybersecurity law and a data privacy.

Paul Jackson: Do they actually understand the law?

Silvia Ihensekhien: Yeah they do. That’s how they make the living, right? So we have, very good, communication. We always they catch up with each other, discuss some of their what is the change. What is the impact. Of course we use consultants as well to help us to guide.

Paul Jackson: Interestingly, because obviously all these laws are translated into English, but you never get I mean, the real true definitions are in Chinese, right? Do you find this any conflict or any difference between the English versions and the and the Chinese versions that are online?

For us foreigners? We don’t read Chinese.

Silvia Ihensekhien: Actually, I can read Chinese.

Paul Jackson: I know you can. I know you can. But, for me, I can’t. Right? So, you know, do you think there are nuances that perhaps we might not get by not being able to read it in Chinese?

Silvia Ihensekhien: I think a lot of people. Right. Especially the Hong Kong system.

You mean middle of... In the two world, it is very capable to translate it into English, right? Yeah. I, I’m not worry about that.

Paul Jackson: Yeah, but it is very, complicated. And that some of the definitions are a little bit vague. Do you not find that…

Silvia Ihensekhien: It is, is, is as I say, Chinese government always, right. They would just like making clear a guideline is structured data on. So I think a lot of it is some of them are very weak and not clear at the moment. But later we know exactly what to do, especially when we come to the time we need to, for example, file any assessment with CAC and then we will come to know. Of course, we always said that I would suggest always consult the local legal because they knew best.

Paul Jackson: 100%, you know, and this, you know, certainly from this point of view, because we often get asked if we can help international companies to test the security of their operations in China, or maybe help with investigating a cyber incident that’s happened to, their entity in China. And sometimes navigating that from a legal point of view can be challenging. And obviously, like yourself, we work with the correct legal guidance. But, you know, it’s always very difficult. For example, you know, if we’re doing an investigation, what constitutes personally identifiable information because we will pull information if we’re doing an investigation, they should be metadata. But sometimes that metadata may be defined as personally identifiable information. So it’s a bit of a gray area when you’re trying to resolve a security issue. Do you find, though, that in general the authorities in China, are basically there to try and help companies be more secure rather than be too pedantic over the laws?

Silvia Ihensekhien: I think this is from a part they try to help company. Of course they set up the law to regulation. And then there’s some so, so much they need to protect right. And then there’s some clarifications pending.

Paul Jackson: Right. Yes. It’s well, it’s an ever changing, game, isn’t it? You have to keep an eye on the updates.

Silvia Ihensekhien: Just like, for example, when you first launched GDPR is still some uncertainty at that time. So I think it is a similar stuff.

Paul Jackson: Yes. And I guess it’s a wait and see, you know, and see how companies, you know, those who breach if you like, the, these laws, how they are dealt with and, under what circumstances they are deemed to a breach. So, yes, I guess it’s a wait and see, isn’t it? Really? But seems like you’re well positioned to navigate all of this, though.

Silvia Ihensekhien: At least we know where who to get if I need help, right? You need to have your network, your resources ready. Right.

Paul Jackson: And I guess that would be your key advice to anybody who’s operating in China. Have your network and your guidance right.

Silvia Ihensekhien: You cannot do everything yourself, right? Because you’re not legal expert. You don’t understand the law as well as the legal expert. So always rely on the local resources on the regulations.

Paul Jackson: Right. You know, great advice there. Great advice. And I’m sure there’s a lot of our listeners who this is a hot topic for them. Yeah, I so let’s switch gears a little bit and let’s talk about, you know, promoting, you know, it’s Women in Cyber Month March. And, you know, we were talking before we started recording about how few female CISOs there are in Hong Kong, right? Definitely. And a minority. Is that likely to change anytime soon, Silvia?

Silvia Ihensekhien: I think the situation will be improving, but change, I think, still lit up a little bit more time.

Paul Jackson: What are the barriers that

Silvia Ihensekhien: At the moment I think a lot of ladies feel to this light. I’m not comfortable sitting in cybersecurity because they still have the mindset, hey, this is not for the female world. It is always the guys dominated the world, right? So tech not even on the cyber. Cyber is only a part of tech. Right. So if you look at the always like that. So even cyber is more niche. So they are thinking of this is well I may not be good enough to do that. It is so technical.

Paul Jackson: Right. How do we change that perception though? Silvia, are you involved in any, you know, initiatives, here in Hong Kong or anywhere?

Silvia Ihensekhien: Yeah, I do, I do actually, I graduate from Hong Kong Polytechnic University. Yeah. And then I’m still a mentor there. Oh, good. Yeah. To mentor. And then I sometimes you might for career talk which I’m happy to share. To go to the university or school to talk about it and, and to promote because you need to plant your seed. Right? Right. Starting early, not become when they are just like going to graduate and then it’s too late.

Paul Jackson: Yeah. It’s what do you think? Also the Hong Kong education system, a lot of parents, they push their kids to go into perhaps what they perceive to be more, I don’t know, higher level jobs, you know, in law firms or in banks or in, doctors or, you know, is that is that a misconception, or do you think that’s a that’s a a true statement?

Silvia Ihensekhien: Interesting question. I think I think it’s his. But remember cybersecurity now become the hot topics through career. Right. There’s a lot of shortage of talent. Yeah. So that might be a good chance for them to get into the field. Okay.

Paul Jackson: So to any young females who are maybe listening to this podcast, what advice would you give them now starting out in their career? How should they, you know, approach this and get on the ladder if you like to success?

Silvia Ihensekhien: I think I think, well, a lot of the terms I heard is in impostor syndrome, right? So don’t be just like, well, don’t think yourself less than the others. You need to have confidence in yourself the first thing, and don’t be afraid to make mistakes because everyone makes mistakes.

Paul Jackson: Yes, if you don’t make me think you can learn, right? You’re absolutely right. But I think also some of these candidates may think I need to study the tech, I need to study the tech. And certainly when I’m mentoring, when I’m teaching, I say, get out there, try and do presentations, try and learn communication skills. Because if you want to get up to a high position in cyber, you, as you rightly said earlier in the in the episode, you mentioned that communication is vital and I entirely agree. So how do we get them out of their comfort zone? Because they will say to me, well, nobody will let us speak at a conference or, you know, because we’re too junior. So how do they get that kind of practice?

Silvia Ihensekhien: Interesting. Lately, I join a couple Toastmaster, so we form a TedTalk Toastmaster exactly. To address this problem, because we always think the tech people, not only cybersecurity, they are not the soft skill part, is a kind of lacking. So we are here to help them to see how they will do public speaking. So you don’t have a trust, but you can have to experience a chance to practice, right?

Paul Jackson: Yeah. So how do how do these. Because I’ve heard of the toastmaster club, but I’ve never attended any session. So a former colleague of mine in the police, Shawn Lin, who you may know is actively involved in that as well. What is the process? So, you know, so say, you know, there’s a junior, candidate listening, right now and they’re thinking, oh, Silvia mentioned Toastmasters. Great. What does that actually involve? You know, how do they go about joining?

Silvia Ihensekhien: And okay, so they need to have a strong commitment to come cup. I say it, it’s not really late for a lot. Right. Because if we want to learn they have course online course you need to attend and then they have different education path pathway. So choose whether you want a professional speaker or the others. But the first thing is that you need to have your commitment. Do I really want to do this? Before you commit on anything, go to the website you have look exactly what is a Toastmaster and then you get an idea. And of course, you are always welcome to reach out to me in case you have any question.

Paul Jackson: Well, that’s very generous of you. So anybody listening, Silvia will be open to requests, I guess, via LinkedIn or somewhere. And you also, you’re a regular on the conference circuit as well. I guess, you know, seeing you do that and have quite a few other CISOs do it as well, although mostly male sadly. Because I obviously chair a lot of panels and I see them all, and we got one tomorrow, actually, where the Hong Kong Institute of Bankers tomorrow. Okay. Doing one. But anyway, again, male dominated panel, unfortunately. But, you know, giving up your time like this is pretty generous. And, but I think you do it as well, because you probably think it helps you in your, in your job, right, to get out there and communicate regularly.

Silvia Ihensekhien: It is because for me to getting out, right? I’m not just like it’s always two way. I can learn from others. I can learn from everyone, right? I can learn from my peers. I can even learn from the first lecturer I see. What are they thinking? So to see how we can get them engaged to the cybersecurity field.

Paul Jackson: Right. Okay. Okay. Well, the last question I’ve got to ask you is around your work. And what are you seeing as the big challenges at the moment? What’s really keeping you busy right now in the cybersecurity world?

Silvia Ihensekhien: I mean, I think, attack surface on the cybersecurity, right, because there’s a lot of new emerging technology coming, like Gen AI, need to talk about it right now, AI, just talk about it.

Paul Jackson: Out of interest, as a company, are you are you looking into how Gen AI can assist in your business?

Silvia Ihensekhien: We always look at all this opportunity, right? Because we want to drive the business. You might need to have a look at the emerging technology, but emerging technologies is the other way. You bring additional attack surface okay. So how do you balance it? It is a kind of challenging because you need to have the executive management well aware enough. Hey, you’ve got a fully, fully support, right? But at the time you need to make sure that the risk is minimized.

Paul Jackson: So that’s interesting you say that because when I talk to other, you know. Yeah, folks in your position, they sometimes say, well, the business goes ahead and does this sort of stuff without consulting us. You know, they’re trying to explore ways that it could enhance the business. And they’re not really thinking about security. Hopefully that’s not the case here, right. That they are collaborating. And you are looking at any emerging tech that’s being used from a security standpoint.

Silvia Ihensekhien: Yes we do. We talking about governance model, governance framework even on emerging technology. And of course, right. Since I, I would I’m thinking that we are doing quite good on this because our senior leadership is aware of this, of the risks as well. So we have the framework and everyone, if you want to use a new technology, you need to go for a very real process. On this assessment.

Paul Jackson: Okay. Without revealing any company secrets, are you able to say and because I’m curious, you’re right, you’re Coca Cola, right? Everyone knows Coca Cola, right? How would might you be using AI or AI in okay in the business. Is it something you’re able to talk about.

Silvia Ihensekhien: Well or one of the things. Right. True size right on the customers. That is how you would engage your customers doing the analytics. Right. All this unique AI, right. For example. And the following kernels are every company is using the same. How do you smooth your internal process? Make your life even more efficient right. That means less people do more work.

Paul Jackson: Okay, okay. All right. Well, that sounds reasonable. What about supply chain? No, because I mean, we always talk about supply chain risk. And you have a huge supply chain, right? So does that keep you awake at night.

Silvia Ihensekhien: It is. Supply chain is a very, very new fact for us, right, for all this, production line. But of course, we have a strategy to mitigate risk.

Paul Jackson: Right. And could you talk at all about that strategy, or is it just like…

Silvia Ihensekhien: A little bit just like separate as said before I separate the OT with the IT. Yeah. And make sure they are aware right. Awareness.

Paul Jackson: So I mean you got loads of providers and suppliers in your supply chain. How do you assess their levels of security and whether they might be a risk to you?

Silvia Ihensekhien: I think I think this is that right? A company can do it. Before you signing a contract, you need to evaluate a vendor properly on the procurement process. So at that time you need to squeeze in some security requirements to them. And then when they sign you need to do a risk assessment, if any high risk you might need the vendor to correct it before go live. And after that any you might need to do spot Chatman correct to have a risk assessment. Ask them to do the risk assessment again to see how their risk posture.

Paul Jackson: Okay. Is there a lot of pushback from them?

Silvia Ihensekhien: It might be, but we are the customers, right? Of course. It is our responsibility to vendors, as I say partners understand where why we do this right. It’s not just helping us but it’s also helping them.

Paul Jackson: Okay. Well, that sounds like a good strategy to do this. Yeah. So, you know, when you obviously a lot of this cost money, right? A lot of your incentives, etc.. What’s your strategy for getting budget? Because that’s another big question that we get asked. What how do you convince the leadership? Because you talk about your communication skills. You’re obviously good at persuading them to give you the budget.

Silvia Ihensekhien: Just be the best friend of your CFO, just kidding. Yeah. Of course. Right. You need to just like every other business unit also fighting for the same budget. We are on the same pool so that we need to justify. And then what we did is always on a risk approach, r

Paul Jackson: Right? Do you do you have any strategy. Because when I talk to other CSOs, they say they tried to make cyber like a business enhancer or a business enabler. So it’s not viewed as a cost center. Do you have any I mean, maybe a bit difficult in manufacturing? I’m not so sure. Do you have any ways of making it look like you’re more of an earner, rather than a cost center?

Silvia Ihensekhien: That will be a difficult, difficult to change. Right. But we are the business enabler. Yeah. Oh, for sure. You know, you need to just like basic IP, IP infrastructure, right? All these databases enable. Without them, the business cannot survive. Same as cyber.

Paul Jackson: Before I ask you about the music question, because I always ask the music question in these podcasts, but, before I go there, where’s next for you? So, you know, a CISO right? Where would be, you know, if you were sort of, imagining your, your future a position where, where, where do you think you would go from here? Not I’m saying you should leave Swire Coca Cola. Of course not for a minute.

Silvia Ihensekhien: That would be interesting. I think maybe coming up with my own company that might be. Be an owner, maybe? But that is not yet on my plan yet. On top of my head, you know, I’m quite happy to be here. Of course, as long as I want to promote cybersecurity, that is my goal.

Paul Jackson: 100%. And I think you know your role, honestly, as an ambassador in Hong Kong, you do tremendous work. I mean, you’re so well, no, no. And the amount of time I know you’re in a busy job, but the amount of time you devote to conferences, because I’ve seen you obviously at loads of conferences and events and I think the community as a whole, thanks to you, you know, for your participation and, being such a good role model.

Silvia Ihensekhien: Thank you.

Paul Jackson: Yeah. So it’s pretty awesome. So normally, you know, at the end of these, these chit chats, I just switch over a little bit to music because it’s my way of decompressing right after. Okay. After it, you know, work. I love vinyl, I’m old school, you know, vinyl records and, it’s nice to sort of, listen to a bit of music in the evening, to, to relax after busy days. And, I was curious to know what my friends, and, connections in the cyber world are listening to. So do you do you listen to music? Do you have any? Well, what kind of stuff do you listen to? And, do you

Silvia Ihensekhien: Normally pop song.

Paul Jackson: Okay. Go on the name somebody you’re listening to at the moment.

Silvia Ihensekhien: Kelly Clarkson.

Paul Jackson: Kelly of course and there you go. We got another person in the room is nodding and appreciating your taste in music there. Yeah I’m not so sure I’m a Kelly Clarkson fan but yeah. But no it’s you know.

Silvia Ihensekhien: Taylor Swift. Next time, give me a ticket.

Paul Jackson: All right. Yeah. Okay. That’s a deal. This is a thank you for being on our show, but, really, Silvia, you know, I, I honestly appreciate your giving up a bit of time to, to talk to the community and share your experiences. You’ve had an amazing career, and, you’re definitely an inspiration. And, it’s fantastic to have you on the show during Women in Cyber Month. So thank you once again. Thank you very much for joining THEOS Cybernova.

Paul Jackson: THEOS CyberNova was presented by myself, Paul Jackson, the studio engineer and editor was Roy D’Monte. The executive producer was myself and Ian Carless, and this podcast is a co-production between THEOS Cyber and W4 Podcast Studio.

The THEOS Cybernova podcast.

Episode Summary

How do you secure a multinational company while navigating complex cyber regulations and evolving threats?

In this special Women in Cyber episode, Silvia Ihensekhien, CISO at Swire Coca-Cola, shares her incredible journey from IT operations to leading cybersecurity for a global enterprise. She reveals how she navigates complex cyber regulations across multiple jurisdictions, secures both IT and OT environments, and champions diversity in the field.

Host Paul Jackson explores Silvia’s perspectives on the evolving cyber threat landscape, the critical role of communication for CISOs, and how organizations can bridge the gap between cybersecurity and business strategy. Plus, Silvia offers advice for women looking to build a career in cyber and break through industry barriers.

If you’re interested in cybersecurity leadership, risk management, or the future of women in cyber, this episode is packed with insights you won’t want to miss.
