CISOs take center stage

The nature of IT security matters — brought to high alert by episodic breaches and ongoing cyber threats — has raised the stakes and profiles of the government chief information security officer.

Of the myriad executive-level positions that have entered and moved up the organizational charts of government agencies, the chief information security officer (CISO) ranks as one of the newest and, increasingly, one of the most complex.

The CISO job is largely an outgrowth of the Federal Information Security Management Act of 2002, which requires each federal agency to develop a plan for securing the information and systems within its purview and file annual security reports with the Office of Management and Budget.

By 2005, most agencies had created the CISO position to essentially serve as the chief compliance officer for FISMA. The main responsibilities included developing and maintaining an enterprise information security program, certifying that security controls are implemented and working as intended, and serving as the agency’s principal adviser on IT security matters.

But the nature of IT security matters — brought to high alert by episodic breaches and ongoing cyber threats — has raised the stakes for and profiles of these now-pivotal players in government technology. Their job is not just about filing compliance reports anymore.

The typical CISO must now maintain relationships with a range of stakeholders inside and outside the agency, beginning with the chief information officer and IT security operations staff and moving on to facilities managers, privacy officials, disaster recovery and business continuity planners, enterprise architecture working groups, and personnel management departments.

Outside the agency, the CISO works with the CIO Council, OMB, Congress, the National Institute of Standards and Technology, the FBI, the Homeland Security Department and private-sector partners.

All of which further raises the question: What makes a successful government CISO? Do they have the authority and resources they need to tackle the increasing loads they are asked to shoulder? What kinds of skills and attributes now constitute the ideal candidates?

Contributing editor John Moore put these and other important questions to six experts — one former and five current government CISOs — who came together for a virtual roundtable discussion.

Also in this week’s issue, we are pleased to present a small taste of an important new book, “If We Can Put a Man on the Moon: Getting Big Things Done in Government.” The authors, government reform experts William D. Eggers and John O’Leary, say big things start with big ideas, and they offer six tips for generating those ideas.