The CISO Needs to Be a Business Leader More Than a Technical Leader
- Eventually the CISO will have to go before the board and make the case for an investment. That’s when the CISO needs to be more of a business leader than a technology leader.
- A financial group within the company can help show if a security expenditure is going to have a direct positive impact on shareholder value.
“My board doesn’t care how many viruses were thwarted. I need to show effective delivery of that program. How did it help support our strategic objective as an organization?”
Many chief information security officers (CISOs) find themselves managing a security program that is encumbered with too many solutions generating enormous amounts of data. They don’t have the resources to use all the tools they have effectively, yet new tools are becoming available that provide more advanced protections. What is a CISO to do?
For Suzie Smibert, CISO at Finning International, the answer is clear. “Simplify,” she says, pointing out that the average large enterprise has more than 50 different types of devices used to deliver security services across the organization.