
"I have spent over 30 years in IT and cybersecurity. Throughout that time, I've worked in the DOD, both as a civilian and in uniform, built and managed networks, delivered technologies and services with a value added reseller (VAR), led a team of sales engineers at a security technology company, consulted analysts and board members with a Big 4 consulting firm, been an established CISO with multiple companies in different industries, and now lead the US practice at a global legal and cyber pre-incident/post-incident consulting firm (CyXcel)."
"The first type is the Security Engineer CISO. This is a person that has grown up in cybersecurity and was overpromoted into the role of CISO. This CISO has blinders to only see and understand the technical aspects of the cybersecurity program."
"The second type of CISO is the Business CISO. This type of CISO has never touched a technology and often has grown up in other areas of the business, such as sales, project management, or the like. This CISO has the blinders turned in the other direction, only being able to understand the needs of the business, but doesn't know how to translate them into security capabilities to meet those needs of the business."
Bryan Marlatt has more than 30 years of IT and cybersecurity experience spanning the DOD, network engineering, VARs, security technology sales engineering, Big 4 consulting, and multiple CISO roles, and now leads the US practice at CyXcel. Marlatt identifies three CISO archetypes. The Security Engineer CISO rises from technical cybersecurity roles and tends to focus narrowly on technical aspects of the security program. The Business CISO originates from nontechnical business functions such as sales or project management and understands business needs but cannot translate them into security capabilities. A third archetype is labeled the Fully Functioning CISO.
Read at Securitymagazine