As hackers boldly attack major corporations and pilfer customer information and cash, the daunting role of the chief information security officer (CISO) is increasingly in the spotlight.
Although the CISO function has existed for years, cyber security is now so central to the mission and execution of an enterprise, regardless of what industry it’s in, that the role is becoming more visible among senior leaders.
As a prosecutor and a former Homeland Security assistant secretary for cyber security and communications, Greg Schaffer has seen his share of smart criminals — and it’s made him a better CISO.
“Being a CISO requires you to think like a bad guy a little bit,” says Schaffer, who works at FIS, a provider of banking and payments technology. “There are a lot of people in IT who are really good at understanding how technology works, but it’s hard for people to wrap their brains around how someone is going to misuse something designed for a certain purpose. The CISO has to be able to visualize that.”
What other traits must the CISO of the future possess?
- People skills — this job requires you to be a good communicator, but also have persuasive capabilities and the ability to translate security concerns to the C-suite
- Analytical skills
- The ability to manage risk without sacrificing the enterprise’s ability to interact and collaborate in a way that facilitates business
- A strong backbone and a propensity for politics — CISOs rarely get carte blanche to carry out their policies; they need to be aware of the C-suite politics to be successful
“A good sense of paranoia is also valuable,” says Willis F. Marti, director of networking and information security and CISO at Texas A&M University. “It’s not really paranoia if the bad guys really are out to get you.”
Indeed they are. The experts agree that the biggest threat to companies is mobility, and it’s causing CISOs to rethink security. The old mobility was limited to laptops leaving a company’s premises. Today, people are accessing data from smartphones in their pockets and updating them via cloud synchronization. Mobility changes the way CISOs think about who gets access to what, how they’re monitoring it, and how they can ensure the right people have the right access at the right time.
Marti adds that there’s no patch for human stupidity. Employees click on links and ads they shouldn’t and give credentials to emailers. All of this happens while corporate email is open, creating vulnerabilities for the enterprise.
The CISOs of the future face menacing security challenges and must leap tall buildings. They aren’t technically superheroes, but they’re close.
“Companies are still realizing the value of the information they have and how vulnerable it is,” Marti says. “They need (CISOs) and real policies and actions to successfully keep their information safe.”