CISO Panel
Dec 20, 2024

CISO Panel EPISODE 3

Supply Chain Security in the AI Era: A Conversation with Matt Martin

Join us for a deep dive into the evolving landscape of supply chain security, with a special focus on the emerging threats posed by AI. In this episode, we're joined by Matt Martin, CEO and founder of Two Candlesticks, a seasoned cybersecurity expert with 25 years of experience.

Key Discussion Points

1. Third-Party Risk: A Growing Concern

One of the standout challenges discussed was third-party risk. Companies increasingly depend on external vendors, which introduces vulnerabilities. Matthew stressed the importance of robust vendor assessments and continuous monitoring. Organisations need to ensure third-party controls align with their own risk appetites without becoming overly reliant on tick-box compliance.

2. The Compliance-Innovation Dilemma

Emerging markets face a tough decision: stick to rigid compliance frameworks or embrace innovative, risk-based approaches. Compliance ensures uniformity and accountability but can stifle creativity and lead to unnecessary expenses. On the other hand, a more flexible system requires skilled auditors who can assess whether risk assessments and controls are appropriate—resources often scarce in regions like Africa.

“If you want to go the innovation route, you need really knowledgeable auditors. It’s no longer just ticking boxes; it’s understanding and evaluating nuanced risk management decisions.”

“You might not need the same controls as Vendor A or Vendor B, but compliance often forces you to adopt them anyway. That’s where risk-based approaches can make a real difference.”

3. Lessons from 2024

The industry learned three key lessons:

  • AI is Here to Stay: Artificial intelligence has proven to be more than hype, fundamentally changing security practices.
  • Revisiting Fundamentals: Many organisations found that their basic security measures were lacking, prompting a return to foundational practices.
  • The Skills Mismatch: Despite ongoing discussions about a talent shortage, the real issue lies in misaligned skills. Experienced professionals may lack the knowledge needed for newer, more advanced security demands.

4. Predictions for 2025

Looking ahead, Matthew highlighted several transformative trends:

  • AI Explosion: Expect a surge in agentic AI capable of replacing human tasks in specific areas. This will redefine security roles and team structures.
  • Deepfake Challenges: Improved AI will make deepfakes harder to detect, necessitating better verification tools for video and voice interactions.
  • Workforce Dynamics: The return-to-office push could create instability as employees reassess their career priorities.

5. The Human Element: In-Person Connections

While the industry leans heavily on digital tools, Matthew emphasised the unmatched value of face-to-face collaboration. Building relationships in person fosters stronger trust and more effective problem-solving—essential for navigating complex global challenges.

“Being there in person makes all the difference. Those relationships are stronger, and they’ll be what you rely on when issues arise.”

About Matthew Martin:

Matt Martin is a seasoned cybersecurity expert and the CEO and founder of Two Candlesticks, a full-service cybersecurity consulting firm. With a passion for helping small and medium businesses, as well as emerging markets, Matt brings a wealth of experience and insights to the table.

https://www.two-candlesticks.com

Don’t forget to subscribe to the CISO Panel series for more expert-driven discussions on the latest in cybersecurity!

Follow Matthew Martin on LinkedIn for more insights and tips on navigating the intersection of speed, innovation, and security in today's digital world.


Mark Bishop
CMO