The Chief Information Security Officer (CISO) is the highest-ranking employee who is directly responsible for the security of the company. More specifically, CISOs are senior-level executives who are responsible for establishing and maintaining the organization’s vision for protecting information assets and technologies. They usually report directly to the CEO or CIO of a company. On average, CISOs have 7-10 years of progressive IT security experience, which gives them a good knowledge base to understand what the company needs and how to effectively fill those needs.
Progressive means that you are constantly advancing in your positions and responsibilities. There’s a big difference between having 5 years of experience and having 1 year of experience 5 times. The latter refers to doing the same job for 5 years, without the learning of new skills, advancement in position and career development necessary to be a well-rounded CISO. As a CISO you take on a huge set of responsibilities within a company, and it’s important that you have the right information to make quality decisions. Here I share some good resources for CISOs to stay up to date and network with their peers:
CSO Online: This website is specifically dedicated to creating content relevant to C-level security executives. Its blog covers modern topics relevant to CISOs such as vulnerabilities, newly found threats, corporate policies, application security and much more. In addition to the blog, CSO Online lists CSO events, slideshows, white papers and other media relevant to a CISO.
CISO Handbook: This handbook was created to educate new CISOs on their role in federal cybersecurity. It provides an introduction to the role of CISO and resources to help CISOs apply risk management principles to their organizations. It also highlights important laws, policies, tools and initiatives that can assist in developing or improving their cybersecurity programs. It’s specifically tailored toward federal agencies, but it has information relevant to all CISOs.
Gartner CISOs: Gartner, a leading technology research firm, provides research specifically for CISOs and Security Risk Management leaders. This portal has research reports, webinars and other forms of information useful to security leaders.
EC-Council CCISO Resources: EC-Council is one of the global leaders when it comes to security training. They offer a CCISO certification, designed to train the world’s leading security executives. Beyond that, they offer free resources tailored towards CISOs, including a podcast series, featured whitepapers, webinars, latest news and much more.
ISSA CISO Forum: The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. ISSA has created a Cyber Executive Membership program to give executives an exclusive environment to connect with peers, share information and have access to top industry experts as a resource.
CISO Platform: This is a social network dedicated to helping CISOs connect with one another. The goal of this platform is to create a collaborative portal for CISOs to network, share information and help one another improve, advancing the overall profession of CISOs.
US-CERT: US-CERT stands for Computer Emergency Readiness Team. They respond to major incidents, analyze new threats and share information with select partners in order to improve Internet safety within America. On this site you can find information on new regulations, new vulnerabilities, alerts, tips and much more. They also separate the information by sector, such as Small Businesses, Federal Government, Academia, etc.
NIST: The National Institute of Standards and Technology (NIST) was founded in 1901 by the US Chamber of Commerce to act as an unbiased source of scientific data and practices, including cybersecurity practices. Its cybersecurity framework is used by approximately 50% of US companies as of 2020. It also has a National Vulnerability Database (NVD), which is consistently updated as new cyber vulnerabilities are found. In addition, you can find research papers, publications and events.
CISOs are the head of a company’s security operations and are responsible for determining the direction their company will take. It’s important that you don’t make such important decisions in isolation. It’s critical that CISOs connect with one another in order to exchange information, network and continue to grow and advance in their careers. Unlike other positions, where there may be 4 or 5 people with the same job title, CISOs are usually alone in their position. This is all the more reason you need to have someone you can connect with who understands your position and your problems and can offer advice to you as a peer or a more experienced mentor.