Why Security Leaders Need to Have a 'Broadness of Skills'
Security Analyst Paul Watts on How the CISO's Role Is Connected to the Business
Security is about more than technology, said Paul Watts, a distinguished analyst at the Information Security Forum. It's also about people and process, he said, with the ultimate goal of adding value to what the business is trying to do.
Watts said his advice to security leaders - a term he said is more inclusive than "CISOs" - on how to achieve this goal is: "Put yourself in the business's shoes. Be curious. Listen. Learn." He said security leaders should pursue a "broadness of skills" rather than just focusing on the technology needed to add and remove security controls and meet regulations. Security leaders should be aware of costs and risks, he said - and if a business is in a situation where it needs to take on more risk, the security leader should support that.
In this video interview with Information Security Media Group, Watts also discussed:
- How adding creative people to the security team can help connect security to the business;
- Why security leaders need to learn the language of business;
- The need to market cybersecurity careers to future leaders as being about more than just pen testing.
Watts (FCIIS, CITP, MBCS, CISSP & CISM) has worked in information technology for over 28 years, 17 of which have been as a security executive and CISO in a range of sectors including financial services, retail, critical national infrastructure, food and beverage, data analytics and market research. He serves as a distinguished analyst at the Information Security Forum, working with and supporting CISOs from over 420 Member organizations worldwide, and leading the forum's research and advisory track for security leadership and strategy. He also serves as a non-executive director in the education sector.