Over the last week, I’ve been interviewing a few selected security managers for a forthcoming Computer Weekly special. It’s been an interesting experience, and I was highly impressed with what I heard. Today’s security managers are far more sophisticated than they used to be. They have a better understanding of the business landscape and the emerging challenges. They also have a more realistic appreciation of the limitations of the resources at their disposal and how to get the best out of them. And they are more articulate when explaining complex security issues to directors and business colleagues.
Security has come a long way in the last two decades. Back in the eighties it was a backwater for aging operations managers, or auditors trying to escape the accountancy profession. In contrast, modern security managers have to straddle the technical and the business dimensions of the problem and solution spaces. And they must be able to master the human factor, whether it’s tackling staff, criminals or hard-nosed business managers. It’s a major challenge. A top CISO needs all the qualities of a CIO but with state-of-the-art know-how about current vulnerabilities and emerging threats. And many are rising to the challenge. I’ve seen far more successes than failures in recent years.
Where will it all end? Will we ever see security on the Board? Probably not, because at very senior levels it’s hard to justify operating within such a narrow specialism. One thing is certain, however. Top security practitioners will continue to require a greater set of skills and knowledge than many other parts of IT and business. That’s why the top jobs continue to attract such high salary packages.