Savvy information security leaders recognize that as security threats continue to grow in volume and complexity, they need to move beyond reactive security tactics and take a proactive posture towards protecting the enterprise.
This includes demonstrating to the board of directors how cyber teams continue to improve their state of readiness and detection capabilities.
Top-tier information security executives who spoke at HMG Strategy's 2018 New York CISO Executive Leadership Summit in New York on April 5 shared various ways that they are working with the CEO and the board to drive innovation and deliver value to the enterprise.
"There's business value in the due diligence we conduct on the cyber health of potential acquisitions we explore," said Richard Arenaro, CISO, Horizon Media.
Without question, the role and prominence of the CISO have come a long way in recent years as cybersecurity has moved into the spotlight.
"Years ago, if you mentioned to someone at a cocktail party that you worked in information security, they probably thought that you placed AV on PCs," said Ed Amoroso, former CSO at AT&T who is now Founder and CEO of TAG Cyber LLC. "Now, if you mention that you work in cybersecurity for a bank, people are very interested and you'll get swamped with questions."
As the CISO role has evolved, information security leaders are also demonstrating courageous leadership in speaking candidly with fellow members of the C-suite regarding roles and responsibilities. "We have to remind business leaders that IT doesn't own the data - it's the custodian of the data," said John Whiting, Global Chief Information Security Officer at DDB Worldwide. "It's important to communicate to business leaders that they own the data and must apply secure practices around data usage."
Still, as CISOs have had additional responsibilities piled onto their shoulders (aka 'kitchen sink syndrome'), this has led to changes in how they must go about level-setting expectations with members of the executive team.
"A common thread affecting most CISOs is scope creep," said Michael Palmer, VP & CISO at the National Football League. This includes everything from risk management to crisis management responsibilities that have been placed on their plates.
"Plus, as data has become ubiquitous with mobile users and data that resides in the cloud, we're no longer focused solely on protecting the data that resides within the perimeter. We also have to protect the organization from third-party relationships. All told, this requires taking a closer look at what the title 'CISO' means and how that impacts the role."
Meanwhile, progressive CISOs are also being dynamic in their interactions with the board of directors. "It's important to understand the board landscape - both individually and collectively - and to be prepared to talk about what you're doing proactively as a CISO to help protect the future state," said Israel Martinez, Chairman Global Manufacturing ISAO & CEO, Axon Global.
Forward-looking CISOs are repositioning themselves and strengthening their professional brands. "The CISO has become the new CIO - where the board once wanted to speak to the CIO about using technology as a competitive advantage, now the board wants to talk to the CISO about security as a competitive differentiator," said Lookman Fazal, CTO & CISO, Argo Turboserve Corporation.