As I reflect on my 25+ years in information technology and cybersecurity, I remember when I first started working professionally with computers. I was a 2nd class petty officer in the US Navy, and part of my new IT job was to help personnel with our desktop computers. I remember we had brand new desktops; they were Pentium 286’s with floppy drives, and they were state of the art. So with that in mind, part of this new job was assisting “users” with their issues and helping them use our clunky business applications. In time I would come to dislike having to deal with “users”; however, I loved my computers, so I kept at the job.
Thinking about it now, I honestly believe my attitude back then was a factor of being young and impatient. That attitude seems so foreign to me today; we had the belief back then that we were smarter than everyone and that without us it would all fall apart. As I think about my career and all of the positions I have worked in since then, I remember when I first came to realize that those “users” were why I had a job and that being the smart “IT guy” didn’t mean anything. Without my “users” there would be no IT department, no reason for my organization’s networks and no reason for why we would need to secure them. To say that realization was a big shock would be an understatement.
So with that in mind, you may wonder why I am discussing this stroll down memory lane. The reason is that, as I sit in my position as the Chief Information Security Officer (CISO) for the 8th largest city in the United States, I see my community, in cybersecurity, going through dramatic changes. Some of these are the accelerating upheavals in technology such as threat analytics, IoT and cloud technologies, plus the rise of criminal and nation-state organizations using advanced attack methodologies to wage wholesale information warfare for profit and political gain. These upheavals are forcing many organizations to reassess how they use cybersecurity (if at all) in their organizations.
These changes have forced many CISOs, including me, to take a hard look at how we do our jobs to protect our organizations. I believe it is forcing many of us CISOs to realize we need to work together and to collaborate if we expect to survive. I would also take it further: as a CISO, to implement cybersecurity effectively in your organization, you should look at cybersecurity as a team sport. So with that in mind, I believe your “Cyber Team” is made up of the following:
• IT personnel (Operations, Networks, Cybersecurity, Governance, Development, etc.)
• Executive leadership (Departmental, Business Units & C-Suite)
• Business departments and their personnel
• Professional contacts, organizations, and Federal, State, and Local government entities.
As my organization’s CISO, I have found that I need each of these team members to transition from my old role of “Business Protector” to my new role as a “Business Enabler”. I believe that to protect my organization and implement its security program effectively I must be willing to admit “I can’t do it alone”. It is a dynamic world that we CISOs now operate in; to succeed we need to accept our new role and be willing to be both a team member and leader. As CISOs we must be willing to accept input from all team members, use help when offered and be willing to ask for assistance. Cyber today is a team sport; let’s get busy!