Cyber-hacking and the CISO

I was reading, over the weekend, ITGP‘s excellent CISO guide – The Chief Information Security Officer: Insights, tools and survival skills – and found an excellent description of the essential changes that have to take place in the CISO role:

Although technical expertise remains a foundation requirement for the CISO role, to be truly effective today, the CISO must be an articulate and persuasive leader with real business experience who can communicate security-related concepts to the senior management team in order to guide risk management decisions.

Faced with the growing threat of cyber-hacking, in an economically challenging environment, the need for persuasive CISO leadership has perhaps never been greater. The CISO has to describe the Chinese Cyberwarfare threat, produce a costed and balanced strategy for ensuring that the organisation is adequately resilient against a wide range of attack vectors, and get board and cross-business buy-in to an implementation plan that inevitably involves some changes to user behaviour, while ensuring that the organisation’s trading capability isn’t in any way diminished.

This has to be achieved against a background of increasing regulatory and compliance requirements, as well as the security aspects of the proliferation of new technologies, cloud migration, mobile de-perimiterisation, and the myriad of challenges posed by the spread of social media usage into business eco-systems.

If you can ‘talk business’, this is an exciting time to be a CISO!