Knowing how to manipulate the corporate system is more important than techie cred.

Sara Peters, Senior Editor

November 6, 2014

1 Min Read

Don't feel insecure about your lack of a heavy technical background, CISOs, because the most successful CISOs are those with a business background, said Kris Lovejoy, general manager of IBM Security Services, at an IBM security leadership forum Wednesday.

Lovejoy provided a preview of research IBM conducted about the state of the CISO; the full report will be released next month. Among the findings: Most CISOs report into IT (and the CIO) "because that's where the money is," while others are reporting to their CEO, chief operating officer, or chief administrative officer.

The reporting structure is one of the reasons that CISOs coming from the business side are more effective, says Lovejoy, because "they know how to manipulate the system" and get things done despite the challenges of organizational politics or bureaucracy.

Sixty-three percent of the enterprises included in the study have a dedicated CISO. Lovejoy said this number was too low. "It's such a nascent career," she said, "and that scares me."

"They're not getting it from magical means," but rather through human error. Therefore, she advised CISOs to focus on the end-users, by building a culture of security awareness and hardening endpoints.

Other advice: Don't fool yourself that your organization is not using cloud services. "Talk to your CMO," advised Lovejoy, because most of the projects that employ third-party cloud services (often for website building or hosting) are run by the marketing department.

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights