Governance & Risk Management , Incident & Breach Response , Security Operations

Profiles in Leadership: Marcel Lehner, CISO, MM Group

Running a 'Hearts and Minds' Campaign to Push Information Security Management Uptake
Marcel Lehner, CISO, MM Group, and CyberEdBoard executive member

When Marcel Lehner was hired to be the CISO of MM Group in Vienna, his mandate from the board of directors was to better embed information security throughout the organization.

See Also: Evaluating and Reducing Supply Chain Risk

To do that, "you need to have a lot of energy," as well as network not just with other CISOs but also practice excellent "internal networking," he says. Lehner says he devoted months to selling his strategy internally, not least to the IT teams located at MM Group, which is Europe's largest producer of carton board and folding cartons, but which has manufacturing plants around the world.

"When you start out at a new company, the most important step is to get people into your boat, to get them into your vision, into your strategy, and to communicate," Lehner says. "As a CISO I would say you don't have to only be a techie guy, you also have to be a bit of a storyteller and also a little a bit of an economic guy, so you have different roles in your job."

In an interview with Information Security Media Group as part of the CyberEdBoard's ongoing Profiles in Leadership series, Lehner discusses:

  • Making the business case for having an information security management framework and system;
  • Lessons learned from becoming one of the first Austrian manufacturing companies to achieve ISO 27001 certification;
  • The security promise of artificial intelligence, greater automation and consolidation of tools.

Lehner is CISO of the MM Group. He is an experienced cybersecurity executive who's previously worked at such organizations as Austria's postal service, IBM and Siemens. Lehner has a passion for driving sustainable outcomes, change and continuous improvement by constantly delivering innovative security programs, managing risk and improving global and complex organizations' cybersecurity posture.

CyberEdBoard is ISMG’s premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.