- BlackBerry Storm vs. the iPhone
- 2008 IT industry graveyard
- Top 10 worst uses for Windows
- Economic crisis means double duty for IT pros
- BlackBerry Storm, RIM's first touchscreen device, rolls in
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
The path from CISO to executive team may not be a well-tread one, but breaking out of the security box and into the board room can be achieved by thinking about business.
So says Michael Corby, a consultant, security professional, and former CIO who spoke at the CSI 2007 security conference held near Washington, D.C. this week. During a session on leadership, Corby pointed out the five flaws that can keep security professionals from making corporate leaps, and offered five suggestions for overcoming them.
Five things that CISOs should do less of:
1. Be too much of a security evangelist and perfectionist. While these are traits that tend to come with the job, as CISOs often feel the fate of their company’s security rests solely on their shoulders, they are not characteristics that tend to endear security professionals to other managers, Corby says. A constant focus on security can appear myoptic to others, leading them to believe that the CISO doesn’t really understand the business.
2. Take on the `key person’ role. If a CISO is the only one employees can turn to for help solving particular issues, that person soon becomes trapped in the job, Corby says. “Help people become educated and able to solve their own problems; you get less questions when people can find their own answers,” he says.
3. Get lost in the organizational chart. Because security plays a role at various places in an organization, it often doesn’t show up as a function at the corporate executive level. CISOs need to show how their jobs impact business continuation and risk minimization, and have an effect on the organization’s bottom line, he says.
4. Become limited by professional backgrounds. “I don’t know too many MBAs that aspire to be CISOs; there are very few people with corporate mentalities that go into security, so we have this gap between our background and where we are, and what we need to do to take the next step,” he says.
5. Let professional goals become limitations. CISOs want to be very good at their jobs, but they get stuck as their company’s sole resource on security, Corby says.
Five things that CISOs should focus on instead:
1. Redirecting social circles beyond technology. Corby recommends joining the chamber of commerce or industry-specific associations and organizations. “Hobnob with the kind of folks that are in your company,” he says. “It shows that you have the breadth to go beyond security.”
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment