• How to become a Chief Information Security Officer (CISO)

  • 2021/08/26
  • Length: 6 min
  • Podcast


  • Summary

  • As the cost of cybercrime rises, so does the sense of urgency most organizations have for cybersecurity programs. Operationalizing that understanding often translates to the hiring of a chief information security officer, or CISO.

The total amount of data created, captured, copied and consumed globally is projected to grow to more than 180 zettabytes by 2025. While data grows in volume, it also grows in importance. Organizations rely on it to communicate and transact with customers, make better decisions, and develop smarter products. On the other hand, cybercriminals also seek to exploit it. In the middle of this data tsunami sits the CISO, whose job is to develop and implement strategies that safeguard an organization’s information.

With more and more data to protect, an ever-expanding threat landscape to cover and a seemingly unending supply of savvy cybercriminals to block, CISOs have a big job, says Joshua Knight, a cybersecurity professional at Dimension Data. Throughout his 30 years of experience in the security field, he has learned that a CISO holds significant responsibilities within an organization — and it’s much broader than technology implementation.

What does a CISO do?

While the role of a CISO (or chief security officer, CSO, as some may call it) will likely look somewhat different from one organization to the next, most CISOs spend their days overseeing the strategic and operational aspects needed to protect data. They outline technology approaches, define policies and procedures and then implement them across all business areas. “Many of them will work up and through IT,” Knight says.

CISOs have distinct areas of data to secure, including applications, infrastructure, databases and digital, which often consists of a mixture of cloud, IoT, AI and the analytics engine. However, the key to success for CISOs isn’t exclusive to the technical knowledge needed for securing these areas. Consideration must also be given to data governance, compliance and physical touchpoints, like users. “There is bleed among all of that, but spelling it out across distinct towers shows how a security professional really thinks and how they address the new world.”

In short, it comes down to effectively mitigating risk while also enabling business. Designing the technology approaches that best secure data is critically important, but so is the ability to work with other members of management. The CISO must continually advocate for security while also aligning protection approaches with business needs. Everyone is ultimately in the business of generating revenue, Knight says.

Some CISOs choose to center their team structure on this goal by adding business information security officers (BISOs) to their org charts. These are security leaders within each business unit or division, usually for a large enterprise. (For more, read: What does a business information security officer (BISO) do?)

“The CISO needs to be able to work with their management peers to develop a long-term security roadmap and how that aligns with the business. At the same time, they should treat their organization as a center of excellence and ensure they are easy to do business with,” Knight said.

What does it take to be a CISO?

CISOs are senior executives who typically report to a chief information officer (CIO) or chief technology officer (CTO). Their expertise must span a wide range of areas, and therefore the individual should have formal education and years of experience. A computer science degree of some type is usually preferred though not required, as is a number of years spent working with security technologies.

For professionals early in their cybersecurity career who aspire to the CISO role, certain certifications are also helpful and offer a way to demonstrate their security chops. Some to consider working towards include: (ISC)² Certified Information Systems Security Professional (CISSP) is one of the most in-demand manager-level certifications. It va...

