Home > Information Security Magazine > Features > Office Politics
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Office Politics
by Marcia Savage
Issue: Jul 2007
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   NEXT PAGE  >

Survival 101
Succeeding in a pressure-filled world of auditors and cyberthreats requires skills in business, technology, people and more.


With a load of regulatory requirements, auditor scrutiny and evolving cyberthreats, it's a pressure cooker for an information security executive these days. How's a security manager supposed to survive, let alone succeed, in the enterprise?

A big part of the answer has become a CISO mantra: Technology skills aren't enough; a security professional also needs business know-how. A successful one understands how the business works and can speak in terms the C-suite comprehends.

"We're there to facilitate the business, not hinder it. In order to do that, you have to be able to pull your head out of the ones and zeros and speak intelligently to people who don't understand the ones and zeros," says Dave Lewis, senior information security officer at the Independent Electricity System Operator (IESO) in Ontario, Canada.

Some security professionals are so focused on blocking attacks that they overlook how a threat affects their particular business, he ...



says: "You have to understand what your business does and the risks involved for your business."

The ability to translate security threats to business risks is critical for getting a seat at the executive table, says Tim McKnight, vice president and CISO at defense contractor Northrop Grumman. And when you get time with the C-suite or the board, use your time wisely, advises Gene Fredriksen, principal consultant at Burton Group and former CSO at Raymond James Financial.

"You don't want to bring FUD.... You're never going to get more with those people than a few minutes at a time," he says.

Rather than virus statistics, talk about how security can help cut costs, reduce risk, improve compliance or enhance time-to-market. For example, if your organization grows primarily through M&A activities, talk about how security systems can help, Fredriksen says.

Along with business-speak, security executives need strong leadership and communication skills, and should focus on developing their employees' talents, says McKnight.

"If you don't have the best talent around you, you're not going to succeed," he says.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts