CISOs Need a Seat at the Table

March 9, 2015 | Tammy Moskites

Cyber breach headlines are on the increase and underscore the need for security awareness at the very highest levels of an organization. In 2014 alone, hundreds of millions of records were stolen and tens of millions of dollars were spent on investigations, fines and lawsuits. I was wondering... in how many cases did the CISO have access to the Board of Directors? Without a doubt, it is so important to ensure awareness: Chief Information Security Officers (CISOs) need to be an active and engaged part of board of directors meetings. In addition, board members should not only know their CISO’s views on cyber security; they should have his or her cell phone number on speed dial.

It wasn’t long ago that corporate security meant blocking and tackling to prevent viruses from getting on your systems and making sure that nefarious people did not gain access to internal networks. But as we all know as executive leaders, the environment is ever changing and the attack vectors are many. Today’s CISOs grapple with a much wider, deeper, and more complex set of responsibilities—going beyond just keeping the bad guys out and deploying security that also enables the business. It is vital that board members understand the importance of cyber security and its potentially catastrophic impact on their organization’s brand, reputation, bottom line, and stock price when not implemented effectively. To make that happen, we as CISOs need to better promote our role and educate board members that cyber security is a high priority and should be a top concern. It now influences every aspect of the business.

To sell the value of our contribution to the company to board members, CISOs must not only market their role more strategically; they must also act more strategically. The new generation of security officers must possess strong business acumen, have the ability to think long term, and not be afraid to wear many hats. They need to know how the company operates, its top business goals, and its appetite for risk when developing and implementing a security framework. They must also communicate their knowledge in business-benefit terms that resonate with a wider range of audiences. They must be able to enable the business while ensuring that risks are mitigated and acceptable risks are completely understood, and must have strong controls to support them. The protection of their data is vital to business operations.

The CISO of today must also be extremely collaborative, with good listening and communication skills, because the heightened visibility of this critical executive role brings with it the responsibility of ensuring that cyber security becomes top of mind across the entire organization, from the boardroom to departmental employees. A seasoned security leader with a strategic business perspective should be comfortable developing and communicating a security vision and positioning the needed resources and talent to translate that vision into a reality.

At the same time, board members should see the value of having the CISO in board meetings. Board members need to learn why it is vital to keep abreast of the cyber security landscape and its impact on corporate initiatives such as mobility, social media usage, and global expansion. They should discuss with their CISO the need for an effective crisis management program and know what their role is if there is a security incident. In fact, because of the critical nature of cyber security today, qualified CISOs should also be encouraged to join the boards of other companies.

Of course there is so much more I would like to say in this blog—but then it will become a short story...

I hope my comments spark a discussion. What role does the CISO play in your organization? Does he or she regularly address your board of directors on the importance of compliance and security directives? What changes would you like to see to better align security with the business of your company?

As always, I am interested in hearing from you!!!



About the author

Tammy Moskites

Tammy is Managing Director, Senior Security Executive at Accenture. She has 30 years of experience and is noted for her expertise leading IT security organizations. She was previously the CIO/CISO of Venafi Inc.
