Henry Dalziel | Information Security Careers | June 17, 2013
Many of our students are either already working, or want to start a career, within information security. Many strive to reach the highest level they can within their chosen space, and for many, that is to become a Chief Information Security Officer (CISO).
What are the roles of a CISO?
A C-level position always indicates senior management, and the CISO's main role is to establish and maintain the organization’s information assets. As the head of information security, the CISO has control over all aspects of IT security. The CISO must assess risks, react to cyber threats, establish official corporate standards and controls, and oversee the implementation of cyber defense policies and procedures. Training is also central to this role. Training in areas such as social engineering would be seen as important, as would arranging training (typically vendor-neutral infosec certs) for middle information security managers.
Listing the responsibilities of the CISO
The above list is only really a summary, but you should get the gist: as a CISO you will essentially be the boss of security. Anything that falls within a security bracket is your concern. Think like a hacker, think like a bad guy, and then think about how to defend and what would follow on from an attack. The position really requires a mix of artistic and scientific skills. It is scientific in the sense that the individual must clearly have solid computing skills and an understanding of the processes (and the potential holes therein), but also artistic in the sense that many attacks are not scientific or ‘traditional hacking’ but rather the result of social engineering, e.g. dumpster diving, tailgating, etc. Not all threats are executed by some hacker sat in a bunker in ‘fill in the blank nasty country’; many real and damaging threats come from disgruntled internal employees, which is why I mention the need to think with an artistic hat on.
The importance of having a CISO, and a good one at that, is clearly on the rise.
If you are a CISO, then please add a comment below; we’d love to hear from you and gauge your thoughts. In your opinion, what are the key skills a CISO needs?