The tools your CISO needs to succeed: clear goals and community

In recent years, the threat landscape has intensified – and security startups have matched the rising tide. The market is overflowing with emerging companies offering security solutions, services and products, many of which attempt to solve the same problems of securing sensitive data and protecting it from risk.

This security-centric market is a major win for CISOs (chief information security officers). More companies than ever before are adding security experts to their executive teams in order to uphold promises of data security to their customers. However, a CISO’s actual job description varies between industries, sizes of organizations and even company cultures. From some angles, it can feel like the security space is suffering from a CISO identity crisis.

To fully leverage a CISO’s experience and value on an executive team, it’s critical to make two parts of the job clear:

1. Defined responsibilities and goals

Generally, CISOs are responsible for strategic security planning and overseeing the execution of daily operations that support security. However, this can translate to a variety of actual tasks depending on the company. If an organization recognizes this and customizes the CISO’s role to align with its specific goals, it helps the executive bring exactly what’s been missing to the table. If details about these roles remain vague, though, CISOs can’t achieve their goals.

CISOs are most successful when they can plan strategies in advance. Too often, they’re added to executive teams after organizations have suffered data breaches or have faced unfamiliar compliance regulations. As a result, CISOs are constantly working to catch up to company needs and expectations, which usually means they’re being asked to achieve more with a fixed amount of staff, technology and budget. Organizations should outline their security goals and consider how they might scale over time. With that information in hand, they’re better positioned to hire the right CISO for the job.

2. Access to the security expert community and freedom to collaborate

Even with advance planning, a CISO’s daily to-do list is rarely predictable. Successful security plans are complex, consisting of procedures, policies and guidelines that must be frequently revisited to ensure they’re accurate and capable of proving value to the organization as threats evolve. As CISOs consider new technologies to support those plans, the best way to determine whether they’ll support the company’s goals is to seek feedback and direction from industry peers.

Coming together in communities – both online and in person – enables CISOs to share tips, results and strategies. Meetups and discussions are particularly valuable if two organizations are similar in terms of staffing, funding, security concerns or incident history. By talking through real-world problems, CISOs can cut through marketing hype and determine the best ways to secure sensitive data.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.