Company:
Date Published:
Author: Aoife Anderson
Word count: 808
Language: English
Hacker News points: None

Summary

A Chief Information Security Officer (CISO) at a restaurant chain is focused on several key areas to enhance cybersecurity: securing third-party access, improving customer identity and access management, advancing security awareness training, and investing in software assurance. An increase in attacks on call centers has forced the CISO to adjust their plans and reevaluate how secure access is provided to third parties. They aim to integrate employee and customer identity management into a single platform, a departure from the traditional practice of handling the two separately, and one that is especially significant for the retail and digital consumer sectors. Security awareness training is being revamped to include role-based training and virtual simulations, while software assurance efforts focus on screening for vulnerabilities in both developed and acquired software, including open-source packages. There is also a push to improve situational awareness and response, particularly for IoT devices in restaurants, which pose potential security risks as they become increasingly interconnected and integrated into the network. The CISO notes that strategic cybersecurity roadmaps have been disrupted since 2019 due to COVID-19, with ongoing uncertainty about prioritization among peers.