Given the ever-changing nature of today’s threat landscape, the role of Chief Information Security Officer (CISO) can now be considered one of the most critical inside any organization. Whether CEOs and Boards – or even CISOs – recognize it as that is another thing. Regardless, it’s time to face the truth of the matter – gone are the days of information security being viewed as only a technical function within an organization.
Recent events have proven that without proper cybersecurity measures in place, a company can be seriously compromised – both financially and reputationally to mention a couple. C-suites and Boards across the world are becoming increasingly savvy when it comes to the realization that information and security can no longer be considered as simply an IT issue.
To take an accurate assessment of a company’s threat landscape, as well as manage its ongoing security posture, CISOs must have an expanded, active working relationship with both the CEO and the Board. Therefore, it’s important that modern CISOs be strong leaders and confident communicators that can clearly identify, convey and intelligently discuss business issues that bring upon security challenges (versus simply the status quo of simply talking technology and various product fixes).
Organizations need strong CISOs who can effectively influence change within, influencing the people, processes and technology that are successfully able to drive the day-to-day functionality and success of the security program. Most importantly, today’s CISOs need to ensure his or her program considers its most mission-critical business needs and has a thorough understanding of the processes that are essential to the success and stability of the company at hand.
In today’s ever-evolving information security environment, CISOs need to be prepared to adapt their defenses to address a sophisticated range of attackers and simultaneously help drive innovation within the business by being a champion of new technologies like AI, IoT and blockchain which have the potential to impact all industries. Despite what they’ll hear from most vendors, technology alone is not a silver bullet that can ensure the security of an organization. In many cases, the first step toward creating a sustainable defense is to address attacks that prey on human vulnerabilities and error. Therefore, it is of utmost importance that a CISO establishes an enterprise-wide culture that embraces security as a core component of doing business.
In conclusion, the modern CISO must solidify support from the C-suite and Board of Directors by clearly articulating how security protects mission-critical operations and provides a sustained competitive advantage through innovation and brand loyalty. While doing this is often easier said than done, individuals in this newly-evolved role are at an advantage when it comes to the sheer opportunity at-hand.
One should cling to opportunities for continued growth of their skillset, as well as explore partnership opportunities with experienced CISOs at advisory firms and industry authorities who know how to clearly articulate how security protects mission-critical operations and develop and implement programs that not only execute best practices in information security to protect but inspire innovation for growth.
About the author: Jonathan Steenland is responsible for co-leading Zyston’s CISO Advisory and Consulting Services. Prior to joining Zyston, Jonathan served as Chief Information Security Officer at Fujitsu where he was responsible for developing strategic security programs for Fujitsu’s global business. Prior to joining Fujitsu, Jonathan worked for the U.S. Department of Defense and the U.S. Army. He is passionate about creating innovative security programs that are aligned with business needs, providing sustained competitive advantages for clients, as well as developing next-generation cybersecurity professionals through Zyston’s leadership development program known as Top Gun. Zyston.com.
