A shift has occurred in the bastion of corporate hierarchy in the last few decades that has fundamentally changed how organizations operate. This shift started about sixteen years ago in 1994 with Citibank/Citigroup. After suffering a cybersecurity incident, they created the role of Chief Information Security Officer (CISO); a role which has only grown in prominence since.
Research by Cybersecurity Ventures projects a doubling of the global cost of cybercrime in the 2015-2021 period from $3 trillion to $6 trillion. The escalation of cybercrime is closely related to the rapid expansion of the cyber attack surface. For instance, the total number of Internet users doubled between 2015 and 2018 from 2 billion to 4 billion, and is expected to hit 6 billion by 2022.
Privileged access management (PAM) consists of strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes and systems across an IT environment. By implementing an appropriate level of privileged access controls, PAM helps organizations condense their organization’s attack surface and prevent, or at least mitigate, the damage arising from external attacks as well as from insider wrongdoing or negligence.
The traditional career path for a chief information security officer (CISO) is fairly straightforward. An individual begins their career in IT but ultimately moves to security after demonstrating a security mindset. Once established within the ranks of information security, the professional receives promotion after promotion until they attain the title of CISO.
Sometimes your best intentions are thwarted by technology. That was the case when Thom Langford and I attempted to do a Q&A session after our webinar “Modern Skills for Modern CISOs.” Unfortunately, the session ended before we got the chance to answer the questions that the audience had submitted. The silver lining is that we had the chance to write our answers thoughtfully instead of answering them on the spot.
As the digital economy has grown and changed, cybersecurity has become an integral part of operating nearly any successful business. The Chief Information Security Officer (CISO) is at the forefront of the modern cybersecurity organization, and CISOs have to adapt to the changing times in front of them.
Gone are the days when being a CISO (or even just ‘the security guy’) was about actual information security or IT security. Even the term IT security is outdated now, as it emphasizes a one-dimensional view of what security is really about. However, I digress…
