
Today’s CISO: Personality Should Dictate Where the Position Resides

by John Kirkwood on May 8, 2012

In one of my previous blog posts, I talked about where the CISO typically reports to today and presented the notion that organizations need to match the different CISO personality types with corporate security objectives. 

When you are introduced to a doctor, you would probably naturally ask “What type of doctor are you?” The response will indicate the doctor’s specialty, skills, training and experience. And, if you were looking for an attorney or accountant, the first question would be what type of attorney or accountant they were.

When introduced to a CISO, you can’t ask that question. We do not formally think of “types” of CISOs. The question that tends to substitute is “where do you report?” Whom you report to can be roughly translated into the types of duties that the CISO is performing. A CISO who reports to Legal and Compliance is more likely not to have security operations responsibilities than one who reports to the Manager of Network Operations and Infrastructure.

CISO job descriptions further evidence different, diverse skill sets that organizations currently require from CISOs. Relevant contextual factors which influence where the CISO reports include enterprise strategy, organizational culture, history with the CISO function, security incident experiences, and accepted practice industry and compliance requirements.

I suggest that different organizations require different types of CISOs at different times given the different factors described above. Of course, these factors change over time and may require that the reporting structure of the CISO be changed.

In my next blog post, I’m going to dissect this further and describe the three most common CISO types I’ve seen in my 25 years in industry.

Topics: application security
