So you want to be a CISO?

By Paul Simmonds
Jun 5, 2008 2:52 PM
Tags: Professional Monitor: In association with (ISC)2
After seven years as chief information security officer (CISO) for ICI, Paul Simmonds is concerned about the lack of presence of CISOs in business. Part of the issue, he contends, is that boards lack the ability to assess the competency of this emerging C-level executive.

“Every large company should have a senior CISO,” says Simmonds, who is moving from ICI to another FTSE-listed company following the sale of ICI to Akzo Nobel earlier this year.

“Unfortunately, there are relatively few true CISOs out there; generally it's confined to the banks, a few enlightened corporates and those firms that live and die by their online presence.”

Simmonds wants the profession to develop people for this top role. In the first instance, he says, individuals need to ask themselves whether they really want to progress into the CISO role.

“If what you enjoy is the buzz of being at the cutting edge of IT, this is not right for you. I haven't been at the sharp end of technology for the last 10 years of my career, if not more,” he says.

“My role changed to being much more involved with business strategy, politics and the profit and loss of my and other departments as we work to assure the company's intellectual assets are properly protected.”

Potential CISOs need to be interested in being developed as business partners and helping all staff recognise that security is part of their job role, while being able to sell the merits of what they do for their organisation.

A potential CISO needs to fulfil a broad spectrum of requirements: to assure the configurations of firewalls one day, or the connection of SCADA systems to the internal network another.

Simmonds says that certifications to assure specific skills are essential. “But the big question will be whether a candidate for the CISO role has gained both the knowledge and the wealth of experience needed to manage the responsibility at the highest level.

“Generally the board isn't qualified to answer that question, which is where the profession itself needs to step in to provide a level of peer review and assurance,” he says.

See original article on scmagazineus.com

Secure Computing Magazine

 