Leadership & Executive Communication , Training & Security Leadership , Video

CyberEdBoard Profiles in Leadership: Jon Staniforth

Former Royal Mail CISO on Aligning Security Strategies With Business Goals
Jon Staniforth, former CISO, Royal Mail, and CyberEdBoard member

In cybersecurity, understanding the core mission of a business is essential to building effective security programs. Jon Staniforth, former CISO at Royal Mail, said CISOs must focus on business processes that are crucial to operations and manage compliance within that scope.

See Also: Preparing for New Cybersecurity Reporting Requirements

Reflecting on his experience in building cybersecurity programs and the lessons learned from setting up security functions, Staniforth advised CISOs to educate the executive team about risks while letting them make informed decisions. "Something I've learned over 20 years is moving from a pure techie lens to realize that it is more about changing the company and doing the right thing," he said.

"The ultimate decisions lie with the executive team because they're the ones that are making risk decisions, not just about cyber but about everything else," Staniforth said. "The decisions will be based on where they are in their company journey, what their priorities are, and ultimately, if they're there to make a profit. They've got to do that with the balance of how much can be fixed at the same time."

In this video interview with Information Security Media Group at Cybersecurity Summit: London, conducted as part of the CyberEdBoard's ongoing Profiles in Leadership series, Staniforth also discussed:

  • Aligning security initiatives with core business processes to ensure compliance;
  • The importance of educating executives on risk, while allowing them to decide priorities;
  • The role of CISOs in setting up security functions during business transformations.

Staniforth has more than 20 years of experience in global organizations across diverse sectors, including logistics, telecom, technology, retail and financial services. He excels at addressing complex security challenges, applying his extensive background in risk management, compliance and behavioral change. He is a member of the CyberEdBoard.


CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership


About the Author

Tony Morbin

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.