


‘Hackers need CSOs, too’

Aug 04, 2011 | 2 mins
Data and Information Security

Following my post about how hackers are misunderstood, a CSO friend offers a counter-argument.

A recap: Yesterday I wrote about the disconnect I sometimes see between the high-level security execs and the street-level hacker community. The security practitioner often has trouble getting through to the CEO on why certain decisions are risky, requiring a more thought-out security program.

Drill down a bit in some places and you’ll find that the same disconnect can exist between the security suits who look at things in big-picture, strategic imagery and the lower-level admins who see danger in dense, technical code that can be beyond the comprehension of the higher-ups.

To that point, I got the following message from friend and Providence Health & Services CSO Eric Cowperthwaite:

“Just remember the ‘crazy hackers’ need the ‘elder statesmen’ to connect with the business. The sword cuts both ways. If the blackhat-defcon crowd doesn’t realize that the CSO connection to the business is critical, they will stay marginalized. I know I need the defcon crowd, but the CEO won’t listen to them directly, so they need the CSO crowd, too.”

The man has some good points, and I’m sure many in the hacker crowd will agree. Some won’t. Whether you agree or not, I’m interested in your experiences on the matter.

And so, I open the floor for discussion.

–Bill Brenner
