In a recent blog post, Clawson noted that in the Obama administration’s recent roadmap for cybersecurity education and training there is no agreed definition of what it means to be a cybersecurity professional, yet government agencies are directed to adopt cybersecurity competency models by 2012.
Industry should step up to the plate and develop a cybersecurity officer position to complement the roles of the chief information officer (CIO) and the chief information security officer (CISO). “Different from both of these, a cybersecurity officer is focused entirely on cybersecurity. A number of organizations have felt the need to rethink security priorities and distinguish these roles as cyber crime becomes more rampant”, Clawson wrote.
The Lumension chief noted that Chinese telecom firm Huawei has recently announced the appointment of a global cybersecurity officer to “monitor and improve all aspects of information security across Huawei's global supply chain.”
Other firms, particularly in the US, are expanding the roles of their computer security officers and CISOs to tackle broader cybersecurity threats, such as advanced persistent threats (APTs). “Because APT’s are generally linked to foreign nation governments, I’ve seen more and more companies adapting to this" approach, Clawson wrote.
“Any organization can benefit from implementing a cyber security role (in any capacity) now and can hold direct competitive advantages. By implementing a cyber security role, organizations can catch breaches faster – saving time, money and reputation”, he stressed.