The Brave New World of InfoSec

About this Blog:

A seasoned security pro's take on events around the world.

Jeff Bardin

What Melissa Hathaway Faced is Endemic for All CISOs and Cyber Czars

Melissa Hathaway stepped down this week from her role as the White House's acting cyber security czar. Let’s align her brief trials and tribulations with those that CISOs face every day in a ‘read between the lines’ view:

According to informed sources, Melissa was “spinning her wheels” (GETTING NO SUPPORT) as the president’s (CEO’s) economic advisors (CFOs) sought to marginalize (CONTROL) her politically (ECONOMICALLY).

Cyber security is "a major priority for the president (CEO)," White House spokesman Nicholas Shapiro said, adding that the administration (COMPANY) is "pursuing a new comprehensive approach to securing America's (THE COMPANY’S) digital infrastructure – (AS LONG AS THE CFO APPROVES)".  In the search to fill the top cyber post (CISO ROLE), "the president (CEO) is personally committed to finding the right person for this job (SOMEONE WHO DOESN’T MIND RESPONSIBILITY WITH NO AUTHORITY), and a rigorous selection process is well under way (MAJOR PSYCH TEST TO SEE WHO DOESN’T MIND PLAYING THIRD FIDDLE)," he said.

She lost favor with the president's (CEO’S) economic team (CFO) after she said it should consider options for regulating (ENSURING PROPER SECURITY IS IN PLACE) some private-sector entities to ensure they secure their networks (DO WHAT THEY SHOULD HAVE DONE ALREADY), said cyber security specialists (TEAM MEMBERS HOLDING ONTO THEIR JOBS) familiar with the discussions.

The result was a cyber security official (THIRD FIDDLE CISO) who would report both to the National Security Council (PHYSICAL SECURITY) and the National Economic Council (CFO). Supporters (PHYSICAL SECURITY AFRAID OF HER ROLE TAKING OVER SOME OF THEIR RESPONSIBILITIES AND THOSE IN THE CFOs WHO DON’T WANT TO PAY FOR IT) said that arrangement would cement cyber security as a critical security and economic issue (AS LONG AS WE CAN CONTROL THIS ROLE – NO ELEVATION TO THE RIGHT REPORTING STRUCTURE).

What Melissa faced is what CISOs the world over face. Corporations don’t know what to do with the role of the CISO and the position of the CISO within the corporation. They certainly don’t want the role reporting to them since there is then no filter, and as we who have been in the role know, there are multiple filters that prevent the real message from reaching its intended audience. In parallel, the Obama administration is acting in much the same way as corporations. Until such time as corporations and the government understand the role, the CISO will be relegated to a backseat, reporting to multiple masters who wish to control and manage the position according to their own view, a view that does not understand what cyber security really is. The role needs to be elevated to a direct report of the President (CEO), and they need to start learning and listening.

If this does not occur, then cyber security will continue to suffer. Since it is not occurring, as with most everything in the U.S., it will take a disaster for people to wake up and give the position its due. Wake up, America, and let’s get the role of the CISO to the right position.