Following on from my previous blog about attempting to close the present talent gap the Security industry currently faces, I felt the next step was to ask whether the C Level world is doing enough to help prevent security issues.
Now, there are some obvious challenges around how each firm deals with their security operations. For example, some companies may not feel they are ‘big’ enough to have a CISO, or their security operations are purely reactive, sitting within an IT department because they haven’t been on the end of a cyber attack (yet). However, I would hazard a guess that almost any Security professional you speak to will tell you every company needs a Security Subject Matter Expert.
The reason this has come to my attention is that I have recently started working with firms who are looking at appointing their first dedicated Information Security professional, and these range from start-ups to multinational conglomerates. Whilst that may cause some of you reading this to squirm in your chair, it is encouraging that they are now at the very least putting plans in place to combat the threats we face on a daily basis, and for the start-ups to get the right structure in place early on.
More Senior Executives are now aware of the potential threats to their companies after high-profile incidents at the likes of Target, Tesco and most recently Domino’s Pizza. Thankfully, most now realise that it isn’t a case of “it will never happen to us” and are starting to guard their employees’ and customers’ information with more care than ever before. But is that enough?
Would a specific Security expert on the board, or Senior Management teams at the very least, of every company help us start protecting the information that is increasingly valuable? These Security experts need to be free to work across the spectrum and not just confined to the IT department so that they can raise awareness and assess all of the risks. Giving them a senior seat will enable them to advise the C Level first-hand on what will cost, and hopefully save, the company money. I also believe it will help raise the profile of our industry if Security professionals are in the limelight when they are helping to influence important corporate decisions.
How great would it be if we could have a high-profile CISO to match CEOs like Tim Cook and Mark Zuckerberg? That would surely help promote Security like it has Computer Science in recent years.
As the world becomes more aware of cyber threats, now is the time to create room at the top for Security experts.
Jason Waterman, Principal Consultant at Badenoch & Clark, @JasonWatermanBC
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.