Page 23 - Cyber Warnings
In sum, she said that everyone in IT today needs to be a bit of a business person or they risk
becoming irrelevant. Business knowledge is essential. Pascal Viginer, CIO of Orange, said here
it is better to have a security-oriented CISO with strong business acumen. Josh Olson, Chief
Information Officer for Michigan Tech University, agreed and went on to say he believes the CIO and
CISO should be able to swap roles on demand. Woo said she did not find Josh’s thought
controversial because the skill sets are so similar. Nadhan had a somewhat different opinion
here. He said if the CIO is a business person, then the CISO should be a security business
person.
The CISO drives policy & governance and manages compliance and risk based upon strategic
business initiatives. diFilipo agreed and said that a CISO should understand how to deliver on
business needs. For this reason, he said that security is a component of service/product
delivery. At this point, Jeffrey Pomerantz added that his research at Educause shows CISOs
spend a lot of time on supporting institutional strategy.
Parting remarks
So there you have it: CISOs should be more like a CIO. In other words, they should be a
business leader. If you are looking for more ideas on being an effective CISO, I have put
together a brief on the CISO function with data. Here is a link to that brief.
Further Reading
Enlightened CISOs set the bar higher
Twitter: @MylesSuer
About the Author
Mr. Suer is the Director for Solutions and Industry Marketing at Protegrity Corporation. Mr. Suer
is focused upon solutions for key audiences including CIOs, CFOs, Chief Enterprise Architects,
and Chief Data Officers and the application of Protegrity to industries. He is also the facilitator
for the #CIOChat and a Contributor to CIO.com. Prior to Protegrity, Mr. Suer was the Chief
Platform Evangelist at Informatica. Much of Mr. Suer’s experience is as a BI practitioner. At HP
and Peregrine, Mr. Suer led a product management team applying analytics and big data
technology to the company’s IT management products.
Mr. Suer has also been a thought leader for numerous industry standards. For COBIT, Mr. Suer
has written extensively. Most recently, he published in ISACA News “Extending COBIT 5 Data
Security Guidance”. Mr. Suer led new product initiatives at start-ups and large companies. Mr.
Suer has also been a software industry analyst. Mr. Suer holds a Master of Science degree
from UC Irvine and a second Master's in Business Administration in Strategic Planning from the
University of Southern California.
23 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide