CISOs mastering 'softer' skills

This article examines why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader.

Tech-savvy CISOs are going soft on security.

RSA Conference 2007Security managers are finding it increasingly necessary to sharpen their communication and marketing acumen. Mastering the softer skills of writing and public speaking is becoming a mandate in order to sell upper management on new projects and budget requests.

RSA Conference 2007

Can't make it to the show? SearchSecurity.com staff members are on the RSA floor, on hand to deliver the latest RSA Conference 2007 news and updates.
Port of Seattle CISO Ernie Hayden, for example, said he keeps his presentations to a one-page white-paper style that offers plenty of high-level vision. "Executives don't have time for too many words or arguments that aren't founded," he says.

Universities have noticed the trend and are adding communication courses as a complement to engineering and computer science curriculums.

Julie Ryan, George Washington University assistant professor of engineering management and systems engineering ensures that her information security students understand the importance of concise writing and grammar, in addition to technical know-how.

"Senior executives tell me that one of the first things they look for is the ability to communicate," she said. Ryan requires her students to write policy documents and give speeches in class.

Technology is easy to lock down, but it only takes one person with privileges to take down that security
Ron Woerner
information risk managerConAgra Foods
"I focus on making sure that they write in standard English, so that what they are communicating spans the time and geographical distance often present in today's organizations," she said. "Writing is a technology, and it can bridge culture, time and location, if done correctly."

Ron Woerner, information risk manager with ConAgra Foods, said colleges should shift from entirely focusing on the hard sciences like physics, which is sometimes offered as a necessary study for information security, to psychology and human relations.

"Technology is easy to lock down, but it only takes one person with privileges to take down that security," Woerner said. Understanding some psychology, he said, can help you understand and secure networks against social engineering threats, for example.

Public speaking training from Toastmasters or the National Speakers Association can instill confidence as CISOs sell new initiatives and policy changes to the board. Interpersonal communication skills may help you play office politics to your advantage, but according to Shawn Moyer, CISO of Agura Digital Security, "Try to remain apolitical, but aware of the process. Information security pros should be Switzerland, if at all possible--avoid strong alliances with a given faction and try to be a balanced, reasonable voice."

CISOs can no longer rest on just their technology skills. Softer skills have to be blended with knowledge of business administration to create a well-rounded leader.

"Continuing to understand the business and economics, and how the two fit together, will be important," Woerner said. "Business is all about money, and you want to make sure you're spending your money wisely. Know how economics works. You don't want to put in place $100,000 worth of security technology when you're solving a $10,000 problem."

"Businesses are looking for people serious about information security, people who can build a world-class information security function," says Lee J. Kushner, president of L.J. Kushner Associates, an information security recruitment firm. "They need someone who can do more with less and who can maximize the company's resources: money, people and technology."

<< Return to our special coverage of RSA Conference 2007

Dig deeper on Information Security Jobs and Training

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close