What You Need to Know this Year to Level Up as a Chief (Information) Security Officer
Like most C-Suite functions, the CSO role is evolving, having first appeared as the position overseeing security within the information-technology function. CSO is used interchangeably with Chief Information Security Officer (CISO), although writer Josh Fruhlinger asserts that “the CISO title is becoming more prevalent for leaders with an exclusive information-security focus.” A few CSOs also oversee employee and facility physical security, though a more typical title for such a role is Vice President or Director of Corporate Security.
CSOs/CISOs emerge from a variety of backgrounds, including government, the corporate world, and startups. Diverse educational backgrounds also are common in the field; however, experts have suggested that increasingly, organizations will require master’s degrees in cybersecurity for CSOs/CISOs. This is a growth position given the constant threat of cyberattacks.
Writing for Forbes, Ted Schlein summarizes the role: “The CSO must be technically adept, with an intuitive understanding of a company’s systems, how hackers might penetrate them, and how to defend against attacks. And because no company, no matter how invested it is in cybersecurity, is fully immune from cyber threats, the CSO must also understand how to detect, contain, and remediate the attacks that do occur.”
Key Competencies for the 2019 CSO Role
In your career-marketing communications, showcase the competencies on this list you possess:
- Collaborative skills and the ability to build consensus among stakeholders.
- Technical aptitude with intuitive understanding of a wide range of relevant systems, as well as techniques hackers might use to infiltrate them and ways to defend against attacks.
- Extensive ability to plan, design, develop, test, implement, and oversee IT security systems, including security-monitoring and detection tools, as well as the ability to identify, contain, and recover from cyberattacks.
- Strong leadership, negotiation, and persuasive ability.
- Technical curiosity and willingness to learn from mistakes.
CSOs/CISOs typically offer about 7-8 years of experience in information security, strong leadership skills, the ability to communicate with non-technical staff, and at least a bachelor’s degree in computer science. They can enhance their marketability with an advanced degree specializing in information security or information assurance. Look for academic programs offered by universities recognized by the National Security Agency.
Here are a few suggestions for those seeking to break into the CSO/CISO role, expand their horizons in an existing CSO/CISO role, or even rise beyond the CSO/CISO role:
- Build relationships and network. In an excellent article about succeeding as a CSO/CISO, Stefan Sulistyo suggests that it is particularly helpful to form bonds with these roles and departments: IT manager/CIO; data protection; law department; corporate communications and PR office; customer service; internal audit; personnel management/human resources; facility management (or physical-safety department); and executive assistant. Fruhlinger observes it’s also worthwhile to cultivate contacts among industry vendors, the intelligence community, and academia.
- Join a professional organization. Experts in the field suggest the Overseas Security Advisory Council (OSAC) and the International Security Management Association (ISMA) for further networking opportunities.
- Earn a CISSP (Certified Information Systems Security Professional) certification or GIAC Information Security Professional certification through Global Information Assurance Certification.
- Demonstrate your alignment with the business and the organization’s goals. One way to understand that alignment is to identify a mentor who can guide the CSO/CISO on senior management’s expectations. Even better is if this mentor champions the CSO/CISO, assert Lynn Mattice of risk-management consultancy firm Mattice and Associates and Jerry Brennan of security-executive search firm SMR Group.
- Look to fill gaps. Since CSOs/CISOs come from a variety of backgrounds, leverage yours in an organization that especially needs it. Whether your background is as an engineer/architect, or manager of security professionals, or you offer a different set of qualifications, chances are you can find a niche as a CSO/CISO, especially because many organizations still don’t have CSOs/CISOs.
CSO/CISO Trends to Watch in 2019
- The use of ransomware will decline but still be a problem. Organizations are now more alert than in the past to malicious apps intended to block access until the victim pays a ransom, and they have implemented security measures.
- One ray of sunshine is the positive security environment created as businesses continue their significant migration of data to the cloud in 2019. In addition, cloud-delivered security solutions will be a priority for CSOs/CISOs.
- Cybersecurity alone will not be enough to secure the most sensitive data or privacy. As Rina Shainski, co-founder and chairwoman of Duality Technologies, puts it: “Data must be protected and enforced by technology itself, not just by cyber or regulation. The very technology compromising our privacy must itself be leveraged to bring real privacy to this data-driven age.”
- We can anticipate continued nation-state attacks on and surveillance of individuals. State-sponsored threats and high-level hackers continue to relentlessly troll for access to the critical infrastructure of nations worldwide.