AOH :: ISNQ4786.HTM

How to break out of the CISO role in five easy steps

How to break out of the CISO role in five easy steps
How to break out of the CISO role in five easy steps


  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1912285080-1194344557=:3216
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.networkworld.com/news/2007/110507-break-out-of-ciso-role.html 

By Cara Garretson
Network World
11/05/07 

The path from CISO to executive team may not be a well-tread one, but 
breaking out of the security box and into the board room can be achieved 
by thinking about business.

So says Michael Corby, a consultant, security professional, and former 
CIO who spoke at the CSI 2007 security conference held near Washington, 
D.C. this week. During a session on leadership, Corby pointed out the 
five flaws that can keep security professionals from making corporate 
leaps, and offered five suggestions for overcoming them.

Five things that CISOs should do less of:

1. Be too much of a security evangelist and perfectionist. While these 
   are traits that tend to come with the job, as CISOs often feel the 
   fate of their company=E2=80=99s security rests solely on their shoulders, 
   they are not characteristics that tend to endear security 
   professionals to other managers, Corby says. A constant focus on 
   security can appear myoptic to others, leading them to believe that 
   the CISO doesn=E2=80=99t really understand the business.

2. Take on the `key person=E2=80=99 role. If a CISO is the only one employees 
   can turn to for help solving particular issues, that person soon 
   becomes trapped in the job, Corby says. =E2=80=9CHelp people become educated 
   and able to solve their own problems; you get less questions when 
   people can find their own answers,=E2=80=9D he says.

3. Get lost in the organizational chart. Because security plays a role 
   at various places in an organization, it often doesn=E2=80=99t show up as a 
   function at the corporate executive level. CISOs need to show how 
   their jobs impact business continuation and risk minimization, and 
   have an effect on the organization=E2=80=99s bottom line, he says.

4. Become limited by professional backgrounds. =E2=80=9CI don=E2=80=99t know too many 
   MBAs that aspire to be CISOs; there are very few people with 
   corporate mentalities that go into security, so we have this gap 
   between our background and where we are, and what we need to do to 
   take the next step,=E2=80=9D he says.

5. Let professional goals become limitations. CISOs want to be very good 
   at their jobs, but they get stuck as their company=E2=80=99s sole resource on 
   security, Corby says.


Five things that CISOs should focus on instead:

1. Redirecting social circles beyond technology. Corby recommends 
   joining the chamber of commerce or industry-specific associations and 
   organizations. =E2=80=9CHobnob with the kind of folks that are in your 
   company,=E2=80=9D he says. =E2=80=9CIt shows that you have the breadth to go beyond 
   security.=E2=80=9D

2. Finding something to excel in besides technology; people management, 
   for example. =E2=80=9CThat=E2=80=99s neutral territory; all aspects of your 
   organization need good people management,=E2=80=9D Corby says. =E2=80=9CIf you 
   demonstrate you manage people well, you=E2=80=99re more likely to grow your 
   staff or accept responsibility for additional staff.=E2=80=9D

3. Taking an interest in the core business. Many industries, including 
   insurance and banking, offer courses for professionals looking to 
   learn more about the business, he says. =E2=80=9CIt=E2=80=99s something you can do to 
   get some letters after your name,=E2=80=9D he says.

4. Running the security department as its own business. Corby offers the 
   example of when he was CIO of a large consulting company he put 
   together a business within a business, with dedicated roles such as 
   finance and marketing. =E2=80=9CIf you can do that, it shows you can run a 
   business,=E2=80=9D he says.

5. Having patience. =E2=80=9CDon=E2=80=99t expect to become CEO overnight,=E2=80=9D he says.

All contents copyright 1995-2007 Network World, Inc


--1457021584-1912285080-1194344557=:3216
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com 

--1457021584-1912285080-1194344557=:3216--

Site design & layout copyright © 1986- CodeGods