Keys to Success - Information Security Magazine - Page 1

Survival 101
Succeeding in a pressure-filled world of auditors and cyberthreats requires skills in business, technology, people and more.


With a load of regulatory requirements, auditor scrutiny and evolving cyberthreats, it's a pressure cooker for an information security executive these days. How's a security manager supposed to survive, let alone succeed, in the enterprise?

A big part of the answer has become a CISO mantra: Technology skills aren't enough; a security professional also needs business know-how. A successful one understands how the business works and can speak in terms the C-suite comprehends.

"We're there to facilitate the business, not hinder it. In order to do that, you have to be able to pull your head out of the ones and zeros and speak intelligently to people who don't understand the ones and zeros," says Dave Lewis, senior information security officer at the Independent Electricity System Operator (IESO) in Ontario, Canada.

Some security professionals are so focused on blocking attacks that they overlook how a threat affects their particular business, he says: "You have to understand what your business does and the risks involved for your business."

The ability to translate security threats to business risks is critical for getting a seat at the executive table, says Tim McKnight, vice president and CISO at defense contractor Northrop Grumman. And when you get time with the C-suite or

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

the board, use your time wisely, advises Gene Fredriksen, principal consultant at Burton Group and former CSO at Raymond James Financial.

"You don't want to bring FUD.... You're never going to get more with those people than a few minutes at a time," he says.

Rather than virus statistics, talk about how security can help cut costs, reduce risk, improve compliance or enhance time-to-market. For example, if your organization grows primarily through M&A activities, talk about how security systems can help, Fredriksen says.

Along with business-speak, security executives need strong leadership and communication skills, and should focus on developing their employees' talents, says McKnight.

"If you don't have the best talent around you, you're not going to succeed," he says.

This was first published in July 2007