Report Card: 2007 Incite #2 - CSO Next

Submitted by Mike Rothman on Mon, 2007-12-24 07:37.
::

Let's continue marching through the Incites. After this one, we'll be 20% done! Now that's a half-full viewpoint, if I ever saw one...

Incite #2 - CSO Next

A new breed of CSO emerges in 2007, focused on running security as a business. High visibility, setting milestones, communicating progress, prioritizing fiercely, outsourcing strategically, managing vendors aggressively, and embracing advisors and coaches are the hallmarks of “CSO Next.” This Pragmatic CSO needs to look more like an MBA-type than a code jockey, which creates many challenges for the current generation of technically oriented CSO.

Days of Incite Link:http://securityincite.com/blog/mike-rothman/2007-doi-day-2-cso-next
Incite Redux Link:http://securityincite.com/blog/mike-rothman/incite-redux-july-9-2007

Final grade: A

The concept of this Incite is right on the money. All over the industry you continue to hear about how Chief Security Officers need to transcend the technology and really focus on how security plays within the business. Wait. Can you hear that? It must be the sound of one-hand clapping.

As much as I nail it relative to what CSO Next needs to be able to do, the cold, harsh reality is most security professionals are woefully unable to make this transition. The reality is that many security folks are not cut out to have a C-level title. It’s as simple as that.

So, the first thing on your list for 2008 needs to be a brutally honest assessment of whether you want to make the transition. It’s OK if you don’t. That’s cool, but to take the job and fail because you don’t want to deal with politics or focus on persuasion, just means you are going to stunt your own career.

That is not what you want under your tree during the holidays.

But if you are the type that wants to take that step, then start to take a crash course in your business. What are the revenue drivers? What are the cost levers? Do you understand the key imperatives for the CEO? How about how those imperatives map to the CIO’s strategy and thus, how they impact what security has to worry about?

Are you getting ahead of the curve and studying all about data security and this Web 2.0 stuff? If not, and you want to be CSO Next, you better get to work. No rest for the weary – get to it. There’s a big world out there that needs to be protected.

Check out the other posts in the Report Card series.