Tech-savvy CISOs are going soft on security.
RSA Conference 2007
Security managers are finding it increasingly necessary to sharpen their communication and marketing acumen. Mastering the softer skills of writing and public speaking is becoming a mandate in order to sell upper management on new projects and budget requests.
Universities have noticed the trend and are adding communication courses as a complement to engineering and computer science curriculums.
Julie Ryan, George Washington University assistant professor of engineering management and systems engineering, ensures that her information security students understand the importance of concise writing and grammar, in addition to technical know-how.
"Senior executives tell me that one of the first things they look for is the ability to communicate," she said. Ryan requires her students to write policy documents and give speeches in class.
Ron Woerner, information risk manager with ConAgra Foods, said colleges should shift from focusing entirely on the hard sciences like physics, which is sometimes offered as a necessary study for information security, to psychology and human relations.
"Technology is easy to lock down, but it only takes one person with privileges to take down that security," Woerner said. Understanding some psychology, he said, can help you understand and secure networks against social engineering threats, for example.
Public speaking training from Toastmasters or the National Speakers Association can instill confidence as CISOs sell new initiatives and policy changes to the board. Interpersonal communication skills may help you play office politics to your advantage, but according to Shawn Moyer, CISO of Agura Digital Security, "Try to remain apolitical, but aware of the process. Information security pros should be Switzerland, if at all possible--avoid strong alliances with a given faction and try to be a balanced, reasonable voice."
CISOs can no longer rest on just their technology skills. Softer skills have to be blended with knowledge of business administration to create a well-rounded leader.
"Continuing to understand the business and economics, and how the two fit together, will be important," Woerner said. "Business is all about money, and you want to make sure you're spending your money wisely. Know how economics works. You don't want to put in place $100,000 worth of security technology when you're solving a $10,000 problem."
"Businesses are looking for people serious about information security, people who can build a world-class information security function," says Lee J. Kushner, president of L.J. Kushner Associates, an information security recruitment firm. "They need someone who can do more with less and who can maximize the company's resources: money, people and technology."