Image

If security were simply a subset of IT infrastructure, it would make sense to maintain a reporting structure in which security professionals report to the CIO. However, every facet of the enterprise depends on a secure IT infrastructure, and today’s CISOs are finding that they need to work with multiple C-level authorities.In other words, CISOs are beginning to directly report to CEOs more frequently because security as an issue extends beyond IT. Kal Bittianda, head of executive recruiter Egon Zehnder’s North America technology practice group, explained for Security Roundtable that digital security is an enterprise-wide concern. As such, CISOs need to have the freedom to tackle its many facets, including the use of security awareness training and other educational campaigns to improve employees’ digital preparedness. This begs a question: what does this mean for the types of skills that CISOs should use on the job? Are their security skills as important as they used to be? That’s up for debate. On the one hand, CISOs need their security skills in order to evaluate the organization’s risk posture and craft an appropriate security strategy. That’s not to say that they should be building their own Splunk reports as part of their everyday work functions, but they should be familiar with a variety of security technology and principles so that they can formulate as comprehensive a security strategy as possible. On the other hand, CISOs need to draw upon other skills so that they can effectively explain security risks facing the organization to the board and direct their strategy’s implementation across the entire enterprise. Security personnel can’t necessarily pick up these skills while working their way up the infosec ladder. In fact, there’s something to be said about CISO candidates moving through the facility, legal, HR and marketing departments to be able to both understand and approach digital security as a holistic problem. So, what should these skills be exactly? Tim Erlin, Tripwire VP of Product Management and Strategy, and Thom Langford, experienced CISO and Founder of (TL)2 Security Ltd, tackled this very topic in “Modern Skills for Modern CISOs.” Over the course of the webinar, Tim and Thom each identified the five skills that they feel are the most important for the modern CISO. They then discussed the merits of their respective skills lists to better understand what skills are necessary for CISOs to be successful in today’s evolving enterprise. Learn what skills now can most effectively help CISOs fulfill their job duties by viewing Tim and Thom’s webinar here: https://www.youtube.com/watch?v=qLrBme_N1Ns