Firstly Julie, are there any (ISC)2 Foundation updates you’d like to share with the readers of Infosecurity?
Several, actually. Our scholarship applications are growing rapidly, including the female security scholarship applications. We also have a new partnership with the University of Phoenix offering five new scholarships and a partnership with Booze Hamilton for a cyber-warier scholarship.
The first is the growth of interest from our members and volunteers. The Safe and Secure Online program now has over 1400 volunteers operating in seven countries. We need to re-configure the program to keep up with its growth.
The parent/teaching training is growing in popularity, calling attention to the rise of a new parenting style: ‘parent as friend’. Your child does not have a right to privacy when it’s your computer, your house, your internet, your child. You have a responsibility to monitor your children the same way you do in the real world. The online world is just as scary, if not scarier.
So why are the volunteer programs so popular with your members?
Our members have an innate sense of protecting others and the need to protect children, the most vulnerable in society. That’s the first reason. The second is that children are the future of cybersecurity. So a secondary objective of the program is to encourage children into the industry.
How good is the information security industry at marketing itself?
What we’re lacking is a concerted effort. We need to do more work to learn what makes the industry look attractive. There is a still a strong stereotype associated with the industry: the socially inept technology capable people portrayed in TV shows. People need to understand that you don’t necessarily have to be a ‘tecchie’ to work in this industry. We’re seeing more and more people with business backgrounds, and those from social sciences, liberal arts and psychology.
So what qualities are essential for 2013’s CISO?
Today’s CISO needs to have a really good balance of the left and right side of the brain, needing both hard and soft skills. They need the ability to anticipate; a technical background; and the ability to manage upwards to the CEO. Professionals need to be able to advocate for information security, and stop being the ones that say no. To succeed, they must engage with the business reason and business needs. They must talk the talk.
Are organisations spending enough on information security?
No they’re not. Today’s CISO would say they don’t have enough personnel – but it’s not just a personnel issue. We need to get better at information sharing to deter hackers from moving from one corporation to another with the same attacks. We’re starting to look more at outsourcing, which is a viable option and a positive trend if handled well.
Finally, as Infosecurity celebrates its tenth anniversary, perhaps you could share what you believe has been the most important evolution for the industry over the past decade?
The evolution of the industry from information security being in the corner of the IT department with no-one understanding what it is, to an enterprise-wide issue which is critical for our systems and data. Information security is now completely pervasive and as technology changes, our industry will be smart enough to keep up.