Why It’s So Hard to Fill Chief Security Officer Positions


by Angela Guess

Dominick Paul recently wrote for Forbes, “Information technology is a hot industry. Professionals in this industry can go far, make their mark, reach the top of the heap … pick the idiom of your choice. But there is an information technology job no one wants. Surprisingly, it’s not the grunt work of repetitive coding, installing patches, or polishing the servers (just kidding). The job no one wants in IT is to be responsible for security within their environment. Maybe in your company that’s the Chief Security Officer (CSO) or the Chief Information Security Officer (CISO) position. Whatever the title, it’s a job very few people are willing to fill.”

Paul goes on, “There’s no surprise here. Every CISO – we’ll use that title for convenience – basically sits in the eye of a hurricane these days. They are buffeted by the high winds of security regulations: Sarbanes Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization (ISO) 27001 … the list goes on and on.”

He adds, “CISOs never have a moment when their thoughts are not filled with application interfaces and application security, business continuity and disaster recovery, data security, information life cycle management, data inventory and data flow, identity access management, credential management, and all the other aspects of the complex systems and networks that undergird business today. For each and every one of these factors, CISOs must identify controls, define policies, and put in place procedures.”


photo credit: Flickr/ ~~Tone~~
