Information Security

Defending the digital infrastructure



9 Habits of Highly Successful CISOs

Head to toe, what traits would you build into the perfect CISO? Here are our top picks.


So, who is the perfect CISO? The case could be made for Jack Jones, former CISO of Nationwide Insurance, who was awarded the Excellence in the Field of Security Practices trophy at the RSA Conference 2006 in February.

Jones led nearly 100 infosecurity professionals through various aspects of risk management while at the Fortune 100 company, and succeeded in creating a security policy modeled after ISO 17799.

Jones has been able to bring his strengths to his new role. "Actually, one of the reasons I chose to move on was so that I could apply the lessons I'd learned and the skills I developed at Nationwide to a new environment."

Jones stays humble about his excellence award and the accolades that come with it. But who does he feel is the perfect CISO? "Not me. That person would need to be a superlative communicator--in all media, with all audiences at all levels inside and outside their organization." Wise words from a true infosecurity winner.

--Amber Plante

Use Your Head
Try to be pragmatic and a little paranoid at the same time. Think logically and you'll always be one step ahead of the attackers.

Speak Up
Articulation is an undervalued trait. In your own office, clearly enunciate your directives and your staff will follow through.

Stand Tall
Have the courage of your convictions. If you do, your staff will follow you even if your decision is not the most popular choice.

Get a Leg Up
Get your security objectives the attention they deserve. "Have the courage to take unpopular positions, but be open-minded and willing to change," says Jones.

Have Vision
As a leader you need to see the big picture and how security affects business. "See issues through the eyes of others," suggests Jones.

Stick Your Neck Out
Learn when and when not to take risks. "Be a problem solver and facilitator of solutions that meet the organization's objectives," says Jones.

Take Heart
Even when the times are rough and the threats are significant, stay the course with the appropriate amount of urgency and commitment.

Go with Your Gut
Take advice, but in the end make the decisions yours. "Be an educator--always look to advance other people's understanding of issues," suggests Jones.

Take a Seat
Being able to sit down in the boardroom and translate technology imperatives into business sense will help outline the cost benefits of security to the higher-ups.

Compiled from interviews conducted by Anne Saita, Michael S. Mimoso, Marcia Savage and Kelley Damore, with input from Debby Fry Wilson, Adrienne L. Hall, Rebecca Norlander, Lisa "LJ" Johnson, Suzanne Hall and James Christiansen.
