Iain Sutherland, as Managing Director of Information Security Solutions, recruits security executives for large enterprises. He has a front row view of how the role of security executives and the skills that enterprises value for the CISO position have changed over the last few years.
When I met Iain a few weeks ago he pointed out that having a list of security certification acronyms appearing after your name did not guarantee a promotion to the top spot.
Why would that be?
New research from Forrester gives some insight. According to Forrester:
“Security leaders now sit at an important intersection within their organization, with a hand in information management, risk management, brand protection, third-party relationship management, and other functions beyond their historically technical role.”
This implies to me that the use of technology in all aspects of business has resulted in a complex undertaking for security professionals. If the CISO now has to engage and influence all these other business functions then new skills, particularly around governance and business communication, would be a necessity. But what exactly are governance skills and would those skills really trump experience in security operations?
I’m not sure, which is why I’m looking forward to tomorrow’s Evolve to Become the 2018 CISO webinar where Iain and Chris McClean from Forrester Research will discuss the trends they are tracking and what it means for security experts who aspire to be enterprise CISOs. I’m sure the audience will have some interesting questions for Chris and Iain.