Thursday, March 14, 2013

Jeff Snyder's Weekly Look Into What Makes a CISO / CSO Successful

I’m always looking for new ways in which I can use my position to bring value to the security profession. When I refer to my position, I’m simply referring to the position I occupy sitting between security, risk, compliance and privacy professionals and those who hire security, risk, compliance and privacy professionals. I constantly learn from the individuals I’m fortunate to work with every day so I’ve been thinking about how I can pass on some of what I learn for the benefit of others.

A few weeks ago I came up with the idea to leverage my position for the good of those who one day aspire to become a CISOs or CSO. For that matter, current CISOs or CSOs who are struggling might benefit from the advice of their successful peers.

The idea is pretty simple. I’ve begun reaching out to CISOs and CSOs to find out what they think the secret to their professional success is so I can share their secrets with those who wish to one day be a successful CISO or a CSO.

I hope you find this information to be helpful. I’ll try to post a new success secret every week as these points of view are shared with me.

How the CISO in the software industry views success

"The path to becoming a successful CISO depends greatly on the transformation of the individual and the company.

The ideal CISO comes from the technical ranks, but one that has learned that this is a new job merely based on the technical background of one’s past.   This is much like the transformation that one must make to become a successful technical manager/director.  As a technical manager, you had to depend on your technical knowledge while embracing the new role of learning to lead; an entirely new career field.  Your next evolution is to embrace that change and take it up a notch so that you can now be focused on the business while relying on your technical and managerial skills.

To add to the difficulty of this personal transformation, your organization must also make appropriate changes to see that the role of the CISO crosses the entire business.  One of the biggest mistakes that many organizations make, is to continue to place and see the CISO role too low in the organization.
All too often organizations continue to see this role as Director of Security and as a sub-function of the CIO.  The effective CISO is involved in all aspects of the company from technology, physical security, HR, contracts, to mergers and acquisitions.

On top of the personal and organizational transformation, the CISO must continue to be the ultimate Security Sales Officer; to assure the customer that the company has good security and to continue to motive each employee to be ever vigilant.  During the early stages of this Cyber War we can no longer afford for anyone in the organization to be asleep at the wheel."

Care to Contribute?

If you are a CISO or CSO and you would like to contribut your thoughts, please call me so I can explain to you what I'd like to deliver to readers.

Jeff's Security Recruiter Blog