
Reaching the CISO role?


cyeudoxus

Newbie

Posts: 14

Joined: Mon Nov 12, 2007 12:38 pm

Post Wed Jan 23, 2008 8:11 am

Reaching the CISO role?

Hi,

I dream of reaching the chief information security officer seat one day. I've been thinking of getting some CISSP and CISM certification but as well as an MBA or Masters in information security?

cyeudoxus
“Our character is what we do when we think no one is looking.” -ayn

LSOChris

Post Wed Jan 23, 2008 8:36 pm

Re: Reaching the CISO role?

yes

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Jan 24, 2008 7:21 am

Re: Reaching the CISO role?

That sounds like a good start to me. 
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

LSOChris

Post Thu Jan 24, 2008 11:06 am

Re: Reaching the CISO role?

yup now try asking a question and you might get an answer.

i like dogs?

isn't really a question.

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Jan 24, 2008 12:39 pm

Re: Reaching the CISO role?

It was a bit of a non-question, but I'll throw in my 2 pesos.  There has been a major shift in the CISO role over the last few years.  It is moving away from the perspective of "do whatever it takes to secure our stuff" to "make sure you secure our stuff in a way that will meet our business needs."  Basically, they want someone that can tie information security to their bottom line.  If you look at some of the major Fortune 500 companies you'll notice that their CISO position has moved out from under the CIO/CTO to under the CFO/COO.  (Translation: out from under the IT geeks to under the finance geeks)  You are still expected to focus on securing the environment, but it is now much more of a risk vs reward scenario.  You'll have to answer why you dropped $2 million on new hardware in order to protect $1 million worth of data.  At this point in time you will get more bang for your buck getting the well-known generalist certs (CISM, CISSP) and then going for an MBA rather than loading up on the hands-on certs and degrees in computer science and IT.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jan 24, 2008 4:16 pm

Re: Reaching the CISO role?

You have a very solid understanding of this c-level position. Of course, every organization will be slightly different, but you're spot on in your assessment.

Don
CISSP, MCSE, CSTA, Security+ SME

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Fri Jan 25, 2008 10:57 am

Re: Reaching the CISO role?

I just re-read that post and realized that I left out the rationale of why they are moving the CISO role.  If you think about it, the CISO and the CIO/CTO (chief information/technology officer) roles are direct contradictions of each other.  The CIO/CTO is under a lot of pressure to make as much data as possible available to as many people as possible.  This is for ease of use from within the organization and for customers and business partners.  The CISO is on the other end of the spectrum as they are usually trying to limit as much information as possible and put up barriers to many of those same users/customers/partners.  As an extreme example (and not realistic but I'm just trying to make a point), if they could get away with it many CIO/CTOs would make everyone administrators and have every firewall rule any-any.  If they could get away with it, many CISOs would take scissors to every Cat-5 cable they could reach and pour cement over the firewalls.  With this in mind, when the CISO reports to the CIO/CTO, they are often trumped and their suggestions shot down.  Nobody thought this was a big deal until companies started losing millions of dollars in data and getting fined for not being in compliance with regulations.  To break this conflict of interest the CISO spot is being moved under the finance and risk management area of the organization structure.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
