Make security a business issue

Chief information security officers (CISOs) who learn to speak the language of the executive suite can look forward to lifetime careers, but those who know only "geek speak" will find themselves left behind.

That view held sway among the information technology security officials gathered this week in Bethesda, Md., at the annual conference of the Federal Information Systems Security Educators’ Association’s (FISSEA).

To have an effective information security program, agencies need a CISO "who can communicate well in business terms," said James Golden, IT governance executive at the U.S. Postal Service. He added that a CISO's position within an organizational chart is less important than whether the person can communicate comfortably and effectively with senior officials.

Under federal law, CISOs report to agencies' chief information officers, which has meant that many federal CISOs have an IT background, said Jane Norris, senior information security official at the State Department.

But a trend now seen in business could influence how the federal CISO's position evolves, Norris said, citing a Forrester Research estimate that 75 percent of the largest companies will have a chief risk officer by 2007.

Norris said other security experts believe that a legal background and professional certification, in addition to IT experience, may become prerequisites for chief security officials. The profession is changing rapidly, she said, "so where we are going is open at this point."

FISSEA is a national group that promotes awareness, training and education in IT systems security. Since November 2004, it has conducted free security education and awareness workshops for more than 100 federal employees and contractors.

Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected