Most successful CSOs will tell you it was a unique mix of skills that propelled them to their current position. Technical background is important, certainly, but practice in the business and excellence in communication are paramount for any CSO truly worthy of a place in the C-suite. We don't expect that to change any time soon.
But every few years, a few super-hot skills get added to the mix, ones that will make you even more attractive (to your company and to future employers) and keep you on top of your game. You may need to bring in some of these skills by maintaining a well-rounded staff, rather than by acquiring them yourself. Here are the skills that our sources say are among the most important right now.
Diverse technology experience
Familiarity with both information and physical-security technologies is important at the highest rung of the security ladder, according to Carl Young, CSO of Stroz Friedberg, a global digital-risk-management and investigations firm. The increasing interdependence between these areas demands a broad perspective on risk management.
Ability to anticipate needs. By understanding the needs of the industry and keeping on top of new technologies and threats, good CSOs can identify the special skills and expertise (such as analytics expertise or a specialty in malware) needed in their new hires on both the information- and physical-security fronts, says Young.
Fluency in the IT side of physical security
Tom Verzuh, president of recruiting firm SCW Consulting, is seeing great demand for physical-security professionals who are fluent in technology, especially digital-video software management and analytics. Brent O'Bryan, vice president at AlliedBarton Security Services, confirms his firm is hiring professionals who have experience in the convergence of physical and information security.
Many, if not all, of the devices used in physical security today (including smartphones and digital-video surveillance systems) produce loads of data. Making sense of that sea of data requires special expertise, which is highly in demand right now.
"The way to increase your value as a physical security professional is to invest in learning the world of IP networking and Microsoft server technologies and data analytics solutions," says Charles Foley, chairman and CEO of Watchful Software. "Security pros that know these two areas will be able to spearhead their companies efforts to streamline costs, increase value delivered, and will literally sell information collected to the rest of the organization."
Advanced data-protection expertise
Hardening the perimeter is good basic hygiene, but it is no longer enough. Information-protection skills are in great demand, according to Foley —in particular, knowledge of data-centric technologies such as enterprise rights management, multilevel security models, data classification techniques and biometrics.
"This is why you see increasing — numbers of courses and certifications. The skills to approach the business problem, lay out coherent strategies that are digestible to the common user, and set forth tactical deployment plans are extremely difficult to find," says Foley
Business and financial acumen
Sought-after CSOs understand the key business lines in their respective organizations and the impact of security on a company's bottom line, says Young. This understanding is also important for recognizing where potential vulnerabilities might lie within the organization, such as with outsourced services or data, or lines of business that are popular targets for cyberattacks.
CSOs that have an advanced business degree such as an MBA are always going to be that much more desirable than those who do not, according to Jerry Irvine, CIO of IT outsourcing company Prescient Solutions and a member of the National Cyber Security Task Force.
"From the standpoint of being able to understand business drivers, strategic planning, understanding the mission and vision, CSOs must have business experience. If they're going into large multinational corporations, that will probably require an MBA or a degree in business administration, says Irvine.
Technical certifications such as CISM, CISSP, CRISK and CTBIT are helpful, but CSOs need to prove they have a grounding in business-risk analysis.
Good communication skills
It will always be extremely important to be able to communicate with diverse audiences, says Young. Not only must CSOs make complex security issues understandable to the enterprise at large, they must also make it clear how important security risk, particularly digital risk management, is to the executive suite's agenda. David Luzzi, executive director of Northeastern University's Strategic Security Initiative, adds logical reasoning and the ability to inspect ideas as important skills to build on the foundation of excellent verbal and written communication skills.
David Frymier, CSO at Unisys, has more than three decades of experience in IT, with much of his recent years devoted to information security. Frymier is not inclined to get a certification or an MBA to make himself more attractive at this point in his career. His take on one of the top skills to have today?
"The ability to self-teach is a given," says Frymier. "As fast as things change, you have to be able to teach yourself how to do new things."