As the criminal infrastructure that supports cyber attacks grows more efficient to speed up development of new threats, CISOs need to constantly learn new skills to keep their businesses and their jobs safe, according to Cisco’s head of security solutions.
They have to have solid knowledge of network security, but also have to be able to communicate well, develop in-house security talent and stay on top of how the threat landscape is changing, says James Mobley, Cisco vice president of security solutions and former CEO of security consulting firm Neohapsis, which Cisco bought last year.
In his job Mobley routinely comes in contact with CISOs who talk about the challenges they face and the steps they are taking in order to avoid breaches and compromises that can hurt their businesses.
Mobley spoke recently to Network World Senior Editor Tim Greene about these challenges and how CISOs ought to respond to their changing roles. Here is an edited transcript of that interview.
NWW: If you were to give advice to a CISO, what are the top four or five things you would tell them to learn about if they are to be successful and survive in this dynamic area?
Mobley: I would say first and foremost, just to the heart of what the role is, they still need to have a very good understanding of the tenets of security, understanding that security hits across three main areas: people, process and technology.
Secondly, is getting as much of a broad-based understanding around threat actors. Security is really about being threat centric, and it’s about understanding how to build the platforms that give you the greatest flexibility regardless of what comes at you because it’s no longer possible to be able to move on the spur of the moment. You have to anticipate the moves and make sure that the things that you build are capable of scaling very quickly and adjusting very quickly. I would just say keeping that in mind, that it’s threat-centric and understanding the motivations of actors across all aspects.
Leadership would be the next one. The CISOs now - because the role is escalating, because it’s more strategic - have to have leadership capabilities that allow them to not only lead an organization but also lead change within an organization and that’s not very easy to do. It requires a mix of skills that have not always been seen in CISOs.
Outside of that, I would just simply say determine how to get a team built in an environment where there is going to be a significant shortage of talent. How do you then take a combination of people to accelerate learning and intelligence and the IQ of an organization around security? You’ve got to find ways of elevating the talent and making that talent not only better but also retaining talent. How do you manage to do that? I think that is a key challenge for CISOs, but the best ones are very good at attracting talent, developing talent and retaining talent.