CIsO or ciSo?

In some big companies it does make sense to have a polished CISO who is responsible for working both the Boardroom and the IT Executive management group. In those cases a strong, security-focused Deputy CISO should be considered for the heavy Security lifting that is also required. As a CIO friend of mine told me recently, both of those skills are very hard to find in a single person.

My primary concern is for mid-range and smaller companies that want a CISO and are unsure of what skill set is most needed on the part of their CISO to fight organized crime, unscrupulous competitors or nation state actors. I believe that they are making a mistake with some current hires I have observed.

A somewhat scary trend that I am starting to see is that, now that CISO salaries are going up, companies are putting Deputy or Associate CIOs in those positions. This makes sense if we consider human nature, as the CIOs seem to be more comfortable with someone who is not “such a security guy or girl” talking to Executive Management.

Of course, this approach continues to severely downplay the S (Security) component of the CISO role and is yet another path which, IMO, will lead to failure in the fight against Cyber Criminals. In many cases we need to move to having a ciSo instead of a CIsO (a catch-phrase I am trying to get to catch on) and remember that it takes trained and experienced security professionals to fight organized crime, unscrupulous competitors and nation state actors. In my opinion, the S in the ciSo title needs to carry the most weight for the majority of companies in their fight against cyber crime.

About mclaukl

Professional Certifications - Certified CISO, CISM, CISSP, PMP, ITIL Master Certified, GIAC Security Leadership Certificate (GSLC), CRISC. Kevin also holds Certificates in the Advanced Principles of Information Security and in Advanced Information Security Research Methods from Jones International University.

Kevin L. McLaughlin began his career as a Special Agent for the Department of Army. He was responsible for investigating Felony crimes around the globe. He has had many careers over the years, including being a Police Officer in Kissimmee, Florida, an Investigator for Mastercard/Visa, a Middle School teacher, a Director at Kennedy Space Center (where he worked with Fred Hayes, James Lovell, Armstrong, Sheppard, etc.), the President of his own company, an IT Manager and Senior Information Security manager with the Procter & Gamble (P&G) company (Fortune 35), a CISO at the University of Cincinnati and a Senior Information System Security Manager for the Whirlpool Corporation (Fortune 125). Kevin has also been an adjunct since 1992.

While at P&G, Kevin created one of P&G’s augmentation outsourcing teams in India. Kevin designed and implemented this India team, and it won a global Gold Service award from Atos-Origin and has acted as a model for countless corporate relationships since. Over the years Kevin has created an Information Security program, conducted Information Security Strategic planning, designed Information Security solutions, investigated over 700 Cyber cases and operated a Global Security Operations Center.

Education - MS in Computer Science Education; BS in Management of Information Systems; PhD in Cyber Security, University of Fairfax