Read the book 8 Steps to Better Security - Kim Crawley - Page 13

What Makes a Good CISO?

Not all organizations have chief information security officers. For the most part, they're like chief technical officers, but they're focused on cybersecurity. The nature of this executive role bridges the gap between nontechnical business leaders (“the suits”) and the IT department (“the nerds”).

Sometimes a company will outsource functions of the CISO role to a managed service provider or some other sort of third party. Either way, if your organization has a CISO, they're the top of the cybersecurity hierarchy. A CISO's job is to lead an organization's security team and to work with other executives to make sure the organization meets its cybersecurity goals. If a company gets hit by a major cyberattack that costs them millions of dollars, their CISO will be very stressed out.

I asked some security leaders what makes an effective CISO. In a nutshell, CISOs need to be able to work well with people. It helps to understand cybersecurity and information technology in general. But people skills are paramount in the CISO role. You need to be able to explain to other executives, such as the chief financial officer, why money should be allocated for a security budget. You need to be able to explain why spending $500,000 on cybersecurity can save the company $5 million. Further, you must also be able to lead your security team, including the people in your IT department.

Andreas Bogk, a principal security architect, also believes the CISO needs to be able to remain calm in a crisis. Nav Bassi thinks curiosity and resilience are important traits in a CISO. Randy Marchany, the CISO at Virginia Tech, believes in a strong team and thinks the CISO needs to be able to trust, defend, and cultivate the growth of the team. These characteristics all demonstrate the need for a CISO to be able to work well with other people.
