This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Infosec 2013: Communication skills vital for CISOs of the future

Share this article:
Communication skills and the ability to engage with management are vital for the chief information security officers of the future.

Infosecurity 2013 saw a panel of respected CISOs reveal the skills they've needed to be successful in their roles, together with advice on what was needed to take on such a role for an organisation.

"We deal in what is a very technical discipline in information security," said John Meakin, head of security and technology risk, markets and international banking at RBS. "And yet we're liaising with people, 99.9 per cent who don't speak the same language."

"The key challenge for a CISO, not just for himself but also for the team, is to speak convincingly in a language that mere mortals can understand."

Avtar Sehmbi, head of information security at Centrica, added that a business was there to make money foremost, so any discussions around security risk always needed to have that in mind. 

He said, "It's taken me years and years to work out the business perspective first and then look at the risk perspective, although they intertwine."

"You do need some kind of engagement strategy. You're selling what you're doing, your initiatives and your views on risk. It's really crucial."

Sehmbi believed that anybody could become a CISO, but many years grounding in different information security disciplines really helped, and that having a good team and hiring the right people was vital.

He said, "You're expected to know all the intricate details, as well a holistic picture. Having that 10, 15, 20 years of grounding is really quite useful."

On the other hand, Simon Riggs, SVP, regional ISO EMEA at Bank of America Merrill Lynch, did not think you necessarily needed to have lots of experience in the security industry for a CISO role.

"You can take transferable skills from any discipline and bring them to the role. That general managing perspective, marshalling the right people and focusing on the right things, doesn't require 25 years in the industry."
Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Banking Trojans target energy sector as APTs

Banking Trojans target energy sector as APTs

Banking Trojans are increasingly being used to launch advanced APT attacks, says IBM Trusteer, which has revealed a recent attack on several petrochemical companies in the Middle East using Citadel ...

Britain's small cyber security firms get £4m boost

Britain's small cyber security firms get £4m boost

Business secretary Vince Cable has launched a new £4 million government competition to help the UK's small cyber security businesses find new ways to combat the cyber threat.

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell spyware

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell ...

UK and US spies reported to spy on Deutsche Telekom in Snowden documents, while Germany's FinFisher accused of supplying surveillance software to repressive regimes.