Make security a business issue

Chief information security officers (CISOs) who learn to speak the language of the executive suite can look forward to lifetime careers, but those who know only "geek speak" will find themselves left behind.

That view held sway among the information technology security officials gathered this week in Bethesda, Md., at the annual conference of the Federal Information Systems Security Educators’ Association (FISSEA).

To have an effective information security program, agencies need a CISO "who can communicate well in business terms," said James Golden, IT governance executive at the U.S. Postal Service. He added that a CISO's position within an organizational chart is less important than whether the person can communicate comfortably and effectively with senior officials.

Under federal law, CISOs report to agencies' chief information officers, which has meant that many federal CISOs have an IT background, said Jane Norris, senior information security official at the State Department.

But a trend now seen in business could influence how the federal CISO's position evolves, Norris said, citing a Forrester Research estimate that 75 percent of the largest companies will have a chief risk officer by 2007.

Norris said other security experts believe that a legal background and professional certification, in addition to IT experience, may become prerequisites for chief security officials. The profession is changing rapidly, she said, "so where we are going is open at this point."

FISSEA is a national group that promotes awareness, training and education in IT systems security. Since November 2004, it has conducted free security education and awareness workshops for more than 100 federal employees and contractors.
