
Ping: Jane Scott Norris


This article can also be found in the Premium Editorial Download "Information Security magazine: Security survivor all stars explain their worst data breaches."


Future CISOs owe a debt of gratitude to people like Jane Scott Norris. Not only is this government veteran a trailblazer as the Department of State's first CISO, but for longer than most she has been outspoken on the need for security managers to learn the businesses they serve. While a technology background is vital, it's not surprising that Norris also thinks more diplomatic skills, such as marketing, speaking, writing and project management, are important for CISOs.

Should future CISOs be business people? IT people? Both? I think you need a mix of skills. You definitely need to understand the business you're in. I've been in IT in the State Department for almost 20 years, but, having served overseas a lot, I think I understand our business fairly well. That is imperative.

Do CISOs really need to learn to speak the language of business? Is that the must-have skill? You need to speak in plain English and not be wed to all those techie acronyms. You need marketing skills; you talk to a lot of people and you've got some good ideas, but if you don't have the marketing skills, you're never going to get things sold. You also have to be able to make your case quickly and easily. In my area, if you can't make your case in one page, you're never going to get in the door.

Would you suggest taking classes to hone those skills? Sure, why not? Go to Toastmasters to learn your speaking skills. So many people in our business, if they come up through the IT world, are not very good at public speaking, writing or project management. Those are skills I encourage.


How many CISOs have this mix of skills? Most of the successful ones do. Many of us were involved in Y2K, and I think that was the first time that I understood how important the business side of things was. That was my crusade: "Hey, this isn't an IT problem, it's a business problem."

Do many still work in isolation as solely an IT person? There are purists out there, and that's great. We need them. But are they going to make the next level? I don't really think so, not if you're going to be locked into that kind of thinking.

Read the complete interview at searchsecurity.com/ismag

This was first published in April 2006
