The Changing Role of the CISO
By Tammy Moskites, CIO & CISO, Venafi
Between the rise of Internet of Things and the increase in sophistication and frequency of cyber threats, the IT landscape remains ever-changing. We now have massive amounts of data at our fingertips, and technology is evolving faster than ever. In the past, cybersecurity was approached as an IT issue, but it has transformed in recent years to become a central business concern, and C-suite roles are shifting in response to changing priorities. If we’re to keep up the pace and adopt emerging technologies, security needs to be a priority in every organization, regardless of industry. Further, CIOs, CISOs and other leaders from the C-suite to the board level need to work together to mitigate risk in organizations across industries and throughout government.
With the rise of DevOps and explosion in mobility, the IT world is rapidly evolving, and as a result, security often becomes an afterthought when it should be a central concern. To stay ahead of the game, it’s essential for CISOs and CIOs to continue to develop their craft. For me personally, learning is a lifelong endeavor, as it should be with all information security professionals. I’m constantly meeting with industry experts, attending tradeshows and discussing hot button issues with my peers, customers and teams to stay up on the latest threats, trends and industry developments.
In my current role with Venafi, I serve dual roles as CIO and CISO. I have over 30 years of experience, serving in a variety of IT/security roles. From managing helpdesks, to providing desktop support, to overseeing identity management, production control and capacity planning—I have seen nearly every side of IT. If I combine that with the last 20 years focused primarily on security/compliance, it was natural for me to take on the role of both CIO and CISO.
In years past, security did not necessarily lie within the purview of a CIO; instead, the CIO was only concerned with managing IT infrastructure. Over the years, this role has evolved significantly. In fact, CIOs today have a great deal of influence on public perception and to be successful within the role, individuals must be business-oriented, innovative leaders. The role is continually evolving, and the challenges confronted by today’s CIO are numerous. In fact, in CIO Magazine’s 2016 State of the CIO report, 88 percent of CIOs indicated their role is becoming increasingly challenging and 71 percent said they struggle to find a balance between innovation and operational efficiency and security. In my current position, I’ve experienced that struggle firsthand.
Since I straddle two positions, acting as both CIO and CISO, my role is a unique one. Over the years, cybersecurity has transformed into a C-suite conversation, so my roles tend to overlap and intermingle. In my current position, I help CIOs and CISOs fortify their strategies to defend against increasingly complex and damaging cyberattacks on the trust established by cryptographic keys and digital certificates. I have a dual responsibility to not only protect Venafi but also protect our employees and customers, and I take that role very seriously. Though challenging at times (what job isn’t?!), my work is tremendously rewarding. If I had to offer advice to a CIO/CISO looking to succeed in the cybersecurity industry, here’s what I’d say:
• Commit to lifelong learning: Our industry changes fast, so you need to keep up with continuous education and learning, especially as the threat landscape rapidly evolves.
• Collaboration is key: Rely on your team and your peers to stay ahead of the latest threats and overcome those challenges together. Also be sure to surround yourself with people smarter than you!
• Communicate, communicate, and communicate: Networking is critical in our industry. Talk to anyone and everyone to build connections, brainstorm solutions and gain new insights. We must work together.
• Learn from your successes AND failures: There is no such thing as 100 percent security in this day and age, but there’s always a lesson to be learned from every security breach, vulnerability or cyber threat. I have done things well and I’ve done things poorly, and I’ve learned lessons from both.
Since I started at the very bottom of the tech ladder and worked my way up, I’ve had a front row seat to watch the industry evolve and witness roles shift over the past several years. With the spotlight now squarely on cybersecurity, C-suite roles have evolved significantly to allow for greater collaboration. Our current threat landscape requires InfoSec leaders to exchange information and work together to mitigate risk. I’m lucky enough to work with a fantastic team of incredibly talented individuals, and I often look to them as a sounding board when I run into issues and need another perspective. If you can’t collaborate with the people you work with, how can you expect your company to succeed? Further, if we can’t work together to combat cyber threats, how can we expect to ever beat the bad guys?