Sink or Swim
Lee Parrish's column ("No Horsing Around," Perspectives, August 2006) is on target for large enterprise boards such as Northrop Grumman, Boeing and others. Were I CEO of such an enterprise, I would most certainly want my CSO/CISO to have an MBA as well as his or her appropriate security credentials.
However, there are organizations such as our own that have fewer than 1,000 employees, including executives. To apply Parrish's perspective would not be feasible, if only from a fiscal standpoint.
Smaller organizations have a built-in requirement for members of the organization to "wear multiple hats" and/or "fill multiple pairs of shoes."
Furthermore, budget constraints of the nonprofit world also constrain the organization from hiring graduate-degree-holding, multi-credentialed individuals.
Most of the IT directors in the smaller organizations where I have worked are also the organization's information security officer. None of them have had a master's degree to accompany their Microsoft Certified Systems Engineer (MCSE) credentials.
My current boss has certainly excelled while sitting with the other executives of the hospital in managing our growing budget and security requirements.
Sometimes being thrown into the deep end is also a good way to learn how to swim.
Richard H. Roberts
Information services maintenance technician,
Mason General Hospital
MBAs and the CISO
The MBA article ("Head of the Class," September 2006) was a very good commentary, and right on target.
One thing that was left out, however, and should have been included, is the SANS Institute's MSISM program (www.sans.edu/programs/msism/).
This degree is designed to help a candidate become the highest-ranking management employee in an IT security shop.
While the program is relatively new, it is built expressly to educate and train people for CISO and other senior leadership positions.
The fact that it is run by the SANS Institute ensures that the program will produce a high degree of competency.
It should also lead to a much-needed increase in the level of ability in senior infosecurity leadership in all areas of business and industry.
I am working on a second master's degree (EMBA this time) for the very reasons stated in the article--in order to advance and be successful in information security, I need to have a foundation in the business skills necessary to function at the higher levels.
I have been a techie for more than 20 years, but only recently began to understand the necessity for understanding the business side of the equation.
While my current degree program is not with SANS (its program was developed after I began working on my current degree), I have given serious thought to pursuing it on completion of my present studies.
Lee A. Kadel
Senior information security analyst,
Wheaton Franciscan Healthcare