So you are a CISO. Now what? What got you there will not keep you there. The time for evolution is here.
Much like special operators, those who operate as a "CISO" are continually evolving. "You have to be uncommon among the uncommon." Once you get to that level, you need to stand out even more. For example, once a special operator gets to an elite level such as the Navy SEAL Teams, Special Forces Groups, Ranger Battalion, and MARSOC teams, they need to bring not only the formal ways of combat and operations with them but also innovative ways to step and think outside the box.
Cross-growth into CIO and CTO duties and even into risk management and strategy is now more commonplace for CISOs. That's because it's important to demonstrate the value of the CISO position from both a security and a business perspective. To illustrate, it is critical for the CIOs to take into consideration the business operations momentum, processes and overall "the way business is done" when providing a security perspective. For example, we have seen health care companies and health care startups take on both roles and blend the positions of CIO and CISO together. This helps merge business and security into a single role.
Under that new combination, two business needs can be addressed and handled, which is important not only to the CIOs but also to the business and the organizational culture.
What I recommend from my experience
There are many actions and approaches a CISO can take when it comes to the “evolution” process.
First off, stand out and stand up. Speak and provide some sort of engagement not only at the C-Level but also at the level of the end user. If you are a call center CISO, step out of your office ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/evolution-requirement-ciso/