Opinion
Career Advisor: Do You Have What It Takes to Be a Converged CSO?
Who is the better choice to lead a newly converged organization--someone with more experience in information security or in physical security? A recruiter describes how three of his clients recently answered that question.
By Jeff Snyder
to replace a retiring physical-security-focused CSO. Their intention is to hire someone with an 80-percent information-security CISO skill set.
What Does It Mean?
In their own ways, each of these three companies came to the same conclusion. They have decided that 50 to 80 percent of the skill set they need is an information-security skill set. They argue that an information-security-skilled executive should be able to bring the right blend of technical skills, business understanding and executive leadership to be successful in their newly created role. While this executive is not expected to be an expert in all physical security topics, he or she is expected to have enough exposure to the physical side to lead individuals on the team who possess physical security expertise.
Someone with a stronger background in corporate security certainly could argue that he or she could simply put a strong information-security person in place to lead that aspect of the organization. But in my experience, that argument just hasn’t worked as well. For whatever reason, leaders with an information-security background seem more often to have the business savvy that makes upper management confident in their ability to break down the silos that have built up over time--perhaps just by the nature of who they interact with in a corporate environment.
Besides, even a converged CSO role is increasingly a technical one. Electronic record issues, data privacy issues and regulatory compliance pressures are becoming more and more complex. As I listen to the conclusions my clients have reached as they work through the process of determining what a converged security skill set looks like, I hear them place most of the emphasis in their description on a deep and diverse technology and information-security background.
The decision to converge information and physical security is a bigger decision than what meets the eye--as is the ability to succeed in a newly converged position. Assigning or acquiring the right talent to successfully lead a new converged operation is the difference between success and failure of the endeavor.
Jeff Snyder is president of SecurityRecruiter.com.
Other stories by Jeff Snyder
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
