Knowing how to manipulate the corporate system is more important than techie cred.
Don't feel insecure about your lack of a heavy technical background, CISOs, because the most successful CISOs are those with a business background, said Kris Lovejoy, general manager of IBM Security Services, at an IBM security leadership forum Wednesday.
Lovejoy provided a preview of research IBM conducted about the state of the CISO; the full report will be released next month. Among the findings: Most CISOs report into IT (and the CIO) "because that's where the money is," while others are reporting to their CEO, chief operating officer, or chief administrative officer.
The reporting structure is one of the reasons that CISOs coming from the business side are more effective, says Lovejoy, because "they know how to manipulate the system" and get things done despite the challenges of organizational politics or bureaucracy.
Sixty-three percent of the enterprises included in the study have a dedicated CISO. Lovejoy said this number was too low. "It's such a nascent career," she said, "and that scares me."
"They're not getting it from magical means," but rather through human error. Therefore, she advised CISOs to focus on the end-users, by building a culture of security awareness and hardening endpoints.
Other advice: Don't fool yourself that your organization is not using cloud services. "Talk to your CMO," advised Lovejoy, because most of the projects that employ third-party cloud services (often for website building or hosting) are run by the marketing department.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024