In this interview she gives a CSO perspective on the importance of risk management, threat mitigation and security awareness.
Companies are increasingly aware of the benefits of risk management. What’s your take on risk management's goals within an organization?
In setting up risk management programs, I like to keep things simple – that way they get done. The goals are to identify real risks to the important items within the company, mitigate the risks and continuously monitor the environment.
It is more than running a vulnerability scanner and addressing all of the “critical items”. It is talking with the business to understand what it is that they consider critical to their operation, and then focusing on areas within the environment where the “important things” are. A risk manager needs to be a translator, if you will, between the business, which knows what’s important to the company, and the technology support side, which applies the safeguards and mitigation.
Is risk management a desirable career path? What can aspiring CSOs expect?
That’s an interesting question. I have been in information security for 25+ years and have seen the profession morph over the years and branch out into different specialties. Risk management is what old school information security folks have been doing for years, security management.
So, it is desirable – you bet! It has been an unbelievable journey and only gets better. As for what aspiring CSOs can expect, that’s easy. It’s the same thing but only different. People will always have motive to do “bad things”, businesses will always need to be safeguarded - the thing that is different is technology.
My advice to aspiring CSOs is to be flexible and stay on top of technology and how it is being used. Take for example the whole BYOD thing. Many security folks were in denial that BYOD was being used within their environments, then they see things like their CEO using a mobile device in a meeting. You need to keep your ear to the ground and know what’s going on as quickly as possible. Build trusted relationships with as many people as you can – often times I have found out what’s going on from my “informal/off the record” conversations.