The CISO Role Is Technical
Recently there has been a bit of discussion about information security leadership. The other night I was put on the spot when I made a comment and the response was, “so if you’re not technical, you cannot do security work?” Or, something like that.
I didn’t want to be rude and do understand that there is a whole domain of IT, information and security governance that focuses on policy, procedures, and resilience. That was the focus of the first five years of my career at EY and KPMG. However, larger organizations that have a lot to leak already have risk and control departments to focus on policy and procedure review, while having a department that focuses on disaster recovery. Even when that falls into the information security department directly, it is a supporting function to the role of actively securing the environment.
The CISO role needs to be a cyber security expert with...