Home > Information Security Magazine > Columns > Ping
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Ping
by Michael S. Mimoso
Issue: Apr 2006
printer-friendly
licensing & reprints

Future CISOs owe a debt of gratitude to people like Jane Scott Norris. Not only is this government veteran a trailblazer as the Department of State's first CISO, but longer than most, she's been outspoken on the need for security managers to learn the businesses they serve. While a technology background is vital, it's not surprising that Norris also thinks more diplomatic skills, such as marketing, speaking, writing and project management, are important for CISOs.

Should future CISOs be business people? IT people? Both? I think you need a mix of skills. You definitely need to understand the business you're in. I've been in IT in the state department for almost 20 years, but, having served overseas a lot, I think I understand our business fairly well. That is imperative. Do CISOs really need to learn to speak the language of business? Is that the must-have skill? You need to speak in plain English and not be wed to all those techie acronyms. You need marketing skills; you talk to a lot of people and you've got some good ideas, but if you don't have the marketing skills, you're never going to get things sold. You also have to be able to make your case quickly and easily. In my area, if you can't make your case in one page, you're never going to get in the door.

Would you suggest taking classes to hone those skills? Sure, why not? Go to Toastmasters to learn your speaking skills. So many people in our business, if they come up through the IT world, are not very good at public speaking, writing or project management. Those are skills I encourage.

More information from SearchSecurity.com

Learn about the business drivers for creating an incident response plan.

Visit our resource center for tips, news and expert advice on incident response.

How many CISOs have this mix of skills? Most of the successful ones do. Many of us were involved in Y2K, and I think that was the first time that I understood how important the business side of things was. That was my crusade-- "Hey this isn't an IT problem, it's a business problem."

Do many still work in isolation as solely an IT person? There are purists out there, and that's great. We need them. But are they going to make the next level? I don't really think so, not if you're going to be locked into that kind of thinking.

Read the complete interview at searchsecurity.com/ismag





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts