A panel of CISOs came together at InfoSec 2018 to discuss the role of the CISO in trying to make companies safer and more secure.
Cory Scott, CISO, LinkedIn, explained how his organisation is redesigning security teams to support the business of the future, and gave his view on what CISOs do. Under the heading Catalogue Vs Identity, Scott explained that there are four categories: operations, consulting, engineering and governance. Scott put the types of workers into superhero terms with the analogy that: “Some companies have a defender/protector, a clever trickster, an engineering wizard or an actuarial assessor in each category. Operations, consulting, engineering and governance should all include every type of worker within their departments to help the company run the most smoothly.”
Scott then went on to talk about how LinkedIn recruits from a wide range of backgrounds and career paths to build the most effective workforce and find people with similar mindsets. He used the example of people from a triage background: while they may not be as familiar with cyber-security content as some others, they have a particularly quick mindset and way of thinking, which can be good in cyber-security.
Christian Toon, CISO of leading international law firm Pinsent Masons, described to the audience how his organisation approaches the problem of how to attract, recruit and retain top talent in a competitive skills market. “I don't think there's a skills gap, I think there is an attitude gap,” said Toon. He talked about how there is a gap in attitude between those who are keeping up with changes in modern times and those who are not recruiting as times are changing. His tips were: “Be flexible: be flexible in your employment, in the hours and in how you employ people. Be diverse: be diverse in all situations and with who you hire. Be different: if you're not different, people are not going to want to work with you so you have to be different and innovative.”
How to develop your cyber-career was the angle that Mun Valiji, CISO of Sainsbury's, took. According to Valiji: “The demand for talent exceeds the supply. It is predicted that online crime will cost businesses as much as £1.4 trillion a year by 2019, so cyber-security experts are some of the most prized professionals worldwide.” That said, Valiji pointed out that just because there are “...an abundance of open roles, does not mean a career will come easily. You're more likely to get ahead in cyber-security if you have experience. Even though the industry skills gap means organisations are less likely to take people with less experience, practical knowledge is a huge advantage.”
Valiji then went on to suggest routes into the cyber-security industry for younger entrants, commenting: “Internships and entry-level jobs are ideal starting points, networking websites like LinkedIn can also be helpful. Meeting people and making connections is sometimes essential for getting your foot in the door.”
Speaking in terms of the content that comes with cyber-security, Valiji said “cyber-security isn't something you can pick up quickly, there are a lot of complex topics that you need to at least be aware of. The path to a successful career in cyber entails motivation, practice and persistence.” Valiji suggests starting with the fundamental IT building blocks to build an effective cyber-career and also says, “get involved and don't take no for an answer.”
As the CISO of Vodafone, Emma Smith discussed a day in the life of a CISO. She explained that roles included being a security leader who is responsible for incident response, new tech and vulnerabilities, policy and control, board and executive, risk appetite and management, delivering change and providing a roadmap, and selecting appropriate products. There is also a business leader who is responsible for business-aligned strategy, people leadership, budget planning and management, customers and stakeholders, influencers, and comms and engagement. Key tips Smith suggests are: “Find a few people in your organisation who will become your sponsors and advocates. That is really important. Maintain balance in your life as a CISO between work and home life and be really organised because it helps you to lead more of a normal life.”