RSA Conference 2015 special coverage: News, analysis and video
Reporting and analysis from IT events
Part of Renee Guttmann's job as vice president of the Office of the CISO at Accuvant Inc. is to provide guidance to information security leaders across a variety of enterprises.
"The biggest issues I'm seeing right now or the challenges that folks are facing," Guttmann said, "is that what they're really missing is a strategy. This is what they're being asked for by their boards; they're being asked this by their companies.
"Some are floundering because they don't have their priorities in order, and so they don't know what steps they're going to be taking next, and they've been unable to communicate the roadmap to others in the organization. So frankly, they're just at a point in time where they're asking for a lot of help to build out the strategy they need for information protection for their organizations."
So what's a CISO or security practitioner to do?
"It's critical that CISOs and security practitioners make the time to be involved with the community and learn how others are dealing with it," Guttmann said. "Security leaders must make their staff also take the time to network and learn what's going on in their particular space."
Guttmann also offered advice for CISOs on coping with the mental and emotional rigors of the job, and gave pointers to the young security pros aspiring to advance to the CISO level.