A CISO needs to be good at a lot of things.
Understanding risk, regulations, and security frameworks all come with the territory, but it takes more to be effective. CISOs need to understand an organization's business goals and culture. They must collaborate with the executive team (despite occasionally opposing views), and they must build and direct their own departments. They must advise Boards and handle regulators, and they must be striking presenters, efficient communicators, and compelling leaders.
Then there's the technology. CISOs need to have a solid understanding of how technology works, with a hands-on knowledge of how it can be broken and how it can be fixed. They must be well versed in infrastructure, networking, databases, applications, and the protocols that drive them, whether in the data center or in the cloud, from server to desktop to mobile to embedded.
I started this blog to write about challenges facing CISOs and the entire Information Security community, from executive topics to the highly technical. There are tips, tricks, opinions, musings, and more. I hope you'll enjoy, share, and participate in the comments.
Have a lot of fun...