What Do CISOs Dream About | RSA Conference 2020 | With Laz, Deborah Blyth, Nils Puhlmann


By Sean Martin & Marco Ciappelli

During our RSA Conference USA 2020 coverage in San Francisco, we connect with keynote speakers, presenters, panelists, organizers, and the InfoSec community to keep the conversation going. This is one of those chats.


ITSPmagazine coverage, podcasts, webcasts, articles, and all our happenings during RSA Conference USA 2020 in San Francisco are made possible by the generosity of our sponsors. We are ever so grateful for your support.


CISOs are people too—and they dream just like the rest of us.
The question is: What do they dream about?

CISOs, arguably, have one of the toughest jobs in the InfoSec industry. Oftentimes, you’ll hear people ask them “what keeps you up at night?” suggesting that they only have nightmares. However, as noted above, CISOs are people too—and they dream just like the rest of us.

So, to mix things up a bit—changing the narrative from negative to positive—we discuss what the CISO dreams about for the executive-level role, both in the near-term and the long-haul.

This is a conversation I’ve been dreaming about having for quite a while and my dream finally came true as Laz, Deborah Blyth, and Nils Puhlmann—current and former CISOs—joined us during RSA Conference 2020 to look at their role, their teams, their processes, their technologies, the culture, and so much more.

These are a few of the highlights from the conversation:

  • How employees and citizens play a role in the CISO role

  • Reducing complexity in technology, both operationally and conversationally

  • The value of culture across the organization at all levels; what does it take to get there?

  • Changing the way we measure success for the role (and who is responsible for evaluation)

  • Funding... what's the reality here?

Below are a few of the quotes pulled from the conversation. Be sure to listen to the whole thing to get the full context for each point.

In a perfect world, I would walk into every board meeting and give them what they need at their fingertips. And what I mean by that is I want to align the geek speak and the technology talk in business terms. For me, it’s always been about taking a complex thing and making it easier to understand.
— Laz

One of the things I dream about is that everybody in my organization would feel like they are part of the security team. They would look at whatever it is that they are tasked to do, and they would do it securely. They would be thinking about security and building it in from the start.
— Deborah Blyth

I know several really, really good CSOs that if you would ask their former managers or bosses about feedback it would probably be negative, but if you would ask their team it would be highly positive. So the question is really, who can evaluate whether a CSO is really good?
— Nils Puhlmann

I would challenge every company that has a board to bring on at least one technical person to be on that board. Digital transformation started 20 years ago and it’s critical that the boards understand what’s happening with technology. Security will come shortly after that.
— Laz

I think every public company should have one board member that has been a prior CSO. Not just technical knowledge, an operator; somebody that has been in the seat and understands that to be able to evaluate what the company is actually going against.
— Nils Puhlmann

Bank managers and bank tellers; they’re not fired because of a robbery, right? Whereas a CISO or a CIO or CEO may be fired because of a security event. I think we do need to still mature and look at [measurement of the role] a little bit differently.
— Deborah Blyth

Ultimately, the CISO community needs to continue to work together, but also needs to find ways to strengthen their relationship with others at the board level, executive level, and operational level. Additionally, it's clear that the overall view and function of the role also needs to continue to mature if we are going to attract new talent to take on this critical position.
