Chief Information Security Officers (CISO) are driven. Angel Redoble, the First Vice President and Group CISO for PLDT Group, ePLDT Group, and Smart Communications, epitomizes that attribute. In addition to his position at PLDT Group, the largest telecommunications company in the Philippines and the only Philippine company listed on the New York Stock Exchange, Redoble is engaged in outside activities that promote cybersecurity. He teaches cyber warfare, cyber intelligence, and cybersecurity at the Philippines’ national defense college and is also an adjunct professor and program director for the cybersecurity executive course at the Asian Institute of Management. To grow the number of cybersecurity practitioners within the Philippines Redoble is the Chairman and Founding President of the Philippine Institute of Cybersecurity Professionals.
Developing Cybersecurity Professionals
To successfully protect against hackers and cybercriminals requires a dedicated and educated cybersecurity workforce. Recruiting and training the next generation of cybersecurity professionals is a passion for Redoble. He believes it is imperative that the Philippines needs to create a constant sufficient supply of trained and dedicated security technicians. “Cybersecurity is a national security issue.” Redoble understands the appeal of cybercrime to some talented young people but by appealing to patriotism is it possible to encourage talent to do the right thing for the good of business and for the country.
“Hackers are constantly creating, testing, and launching attacks, and thus, cybersecurity professionals must continue learning and enhancing their skills.” To turn these thoughts into reality PLDT Group has institutionalized a five-month training program for new hires. It is a rigid training program that allows PLDT to have the staff start to contribute before the program is fully completed. “We are probably the only organization in the country who hires fresh graduates for our cybersecurity operations group.”
As is demonstrated by the training program, Redoble’s teaching activities, and participation in a professional organization, he believes CISOs need to share with the community. “A leader creates more leaders. A good CISO needs to inspire people to embrace the profession of cybersecurity.” He sees a future where people work together to make the “world and our cyberspace a safer place to live, work and do business.”
Advanced Planning Was Invaluable
Since the beginning of the COVID-19 pandemic cybersecurity has been a challenge. Cybercrime has spiked around the world with a few hundred percent growth. However the biggest challenge for a CISO was the changing nature of the workforce. The lockdowns forced organizations to have staff work from home instead of in an office. PLDT Group and Smart Communications were no different. With foresight Redoble and his staff prepared for the possibility of a lockdown. Starting in January 2020 they prepared for having up to 20,000 employees working off-site. They had to ensure that the level of security for remote workers was comparable to the office environment. Working with the IT department they developed a plan that ensured enough VPN licenses were available. “We had to reinvent and re-engineer how we do things, to make sure we protect our infrastructure at the same level we protect our users. The paranoia just went higher than before.”
Dual Protection Strategy
As CISO at a telecommunication company, Angel Redoble has two roles. He is responsible for managing the security of the company infrastructure but is also entrusted with protecting the customers who use the company’s services. His philosophy is “customers entrust their confidential and sensitive information to us therefore it is our responsibility to ensure the highest level of security is implemented to prevent security issues.” He added that providing clean traffic (e.g. connections free of malicious activities) to his subscribers is part of the company’s strategic goals. To be successful requires robust end-to-end security that does not require the customer to change their behavior. Redoble explained that PLDT Group has deployed technology that prevents their millions of subscribers from accessing websites identified as malicious or phishing sites. They also have a continuous supply of threat intelligence information fed automatically into their threat intelligence database.
During the past year security controls have needed to work because of the huge increase in criminal activity as a result of COVID-19. Attacks against users have escalated immensely. In the whole of 2019 they blocked access to websites about 13 billion times. They are now preventing nearly as many connections a month. For example in April 2020 connections were stopped almost 10 billion times. They specifically “blocked more than a hundred thousand COVID related scamming and phishing websites.”
Related to protecting customers, Redoble is passionate about ending the scourge of online sexual abuse and exploitation of children (OSAEC). “One reason I helped create the Philippine Institute of Cybersecurity Professionals was to advance awareness within the Filipino community about the dangers of the internet, especially to women and children.” The PLDT Group is also committed to combating this plague. They are working to prevent their millions of subscribers from accessing child pornography. Redoble related that the Group has taken down over three thousand websites that host illicit content. They continue to expand the capabilities of their network-based child protection platform and are testing additional technologies that allow automatic blocking of end-user access to prohibited content.
In order to advance this further, Redoble advocated for, and finally formalized membership into the Internet Watch Foundation (IWF) by the PLDT Group and Smart Communications. As a member of this global coalition PLDT and Smart expands additional intelligence sources by gaining access to the large global database of domains with identified OSAEC content.
CISOs Management Responsibility
Angel Redoble’s role as FVP and CISO of a large telecommunications company is challenging yet he believes he has an advantage many CISOs do not have. “I report directly to the CEO who is also the Chairman of the Board. I’m in a very good position.” When hired it was with the understanding that he would have control of all three layers of defense. Prior to Redoble coming onboard, the security functions were divided between operations, risk and assurance, and internal audit. He believes distributed leadership inhibits cybersecurity improvement. “By combining the three layers of defense we can implement a comprehensive strategic plan. Centralization allows proper allocation of resources, fosters internal communications, monitors spending, and implements improvements based on input from all three disciplines. With concentrated management there is no need to spend time and effort negotiating compromises”.
He believes all CISOs must report to the CEO, company president, or whomever is running a company. There are two specific reasons for this position – strategic authority and budget. “No matter how good you are as a CISO if you do not have full authority or budget you will not be successful.” A CISO must have the authority to develop policies and processes, deploy needed technologies, implement improvements, and ultimately to have full visibility into network operations. Regarding budget matters in order to fulfill the security strategy the CISO needs to know what budget is available and not need to rely on some other department. Having full budgetary control allows flexibility to shift monies as a result of changing priorities.
As a final thought, Angel Redoble has worked exceedingly hard, as has his whole team during the COVID pandemic. When the Philippines went into lockdown and many employees worked from home, the critical network and security staff quarantined within the security operations centers. Supplies and belongings were pre positioned so that when the orders came down they were prepared. Prior to the lockdown Redoble relaxed by visiting his family’s farm. Over the last year that was not possible but he is looking forward to being able to travel to the country to visit with his family. Until then he continues to support and advocate for improved cybersecurity within the Philippines.