Want to be a CISO? Being technical is just one of the requirements
In this Help Net Security interview, WWT's Chris Konrad offers advice to CISOs who are increasingly under pressure and discusses using a security maturity model, interesting security technologies and more.
by Mirko Zorz, Director of Content, Help Net Security
As the financial and reputational costs of data breaches continue to reach new heights, cybersecurity should be top of mind for leadership across every industry.
Recent Proofpoint research found that 65% of board members believe their organization is at risk of a material cyber attack in the next 12 months. Worryingly, 47% feel their organization is unprepared to cope with a targeted attack.
In this Help Net Security interview, Chris Konrad, Area Vice President of Security, Global Accounts at World Wide Technology, offers advice to CISOs who are increasingly under pressure and discusses using a security maturity model, interesting security technologies and more.
What advice would you give to a newly appointed CISO that strives to improve security strategy?
CISOs can no longer focus strictly on developing technical capabilities and protecting their organizations. Executives and boards are looking to CISOs to make investments that drive growth with a holistic security framework.
The next step is conducting a comprehensive cybersecurity program assessment to know at what level of risk you are operating. This type of analysis provides rich insights that can be actioned to increase your security program maturity. This analysis also helps to maximize the use of people, processes and technology to reduce risk and increase efficiencies.
Risk management should be a C-suite priority because it is one of the single most important determinants of business value realization. Risk management is the system by which an organization's portfolio is directed and controlled.
How can an organization leverage a security maturity model to assess its current infosec position?
A security maturity model can help CISOs measure, communicate and visualize improvements and investments in the security program…