We keep hearing the mantra that CISOs and CSOs need to be business leaders. So how come we keep seeing job descriptions and hearing about interviews that focus on the technical certifications like the CISSP and many others? That's exactly the question posed in a post on LinkedIn that caught our attention - and that of many others!
Join us for a candid conversation with the post's author, a current CIO and CISO, Brian Bobo, as we explore the realities of what a CISO should be focused on and why relying on a technical security certification could turn the business looking in the wrong direction and leaving their risk profile in a bad way.
From The LinkedIn Post I don’t post much but I need to go on a bit of a rant. I earned my CISSP years ago. As I am updating my CPEs to stay current I realize that almost nothing I do as a CISO counts for CPEs, I don’t even see a place to document incident management. And what does count can only really be categorized under the Security and Risk Management domain. Presenting, educating, serving on ISC(2) boards are all well and good but they still don’t make me a better CISO. There is nothing about strategy, leadership, presenting to a board, incident management, etc. As a CISO, strategy and leadership should be your focus. You should hire then allow and enable great people to do their jobs. So we need to STOP requiring Directors and above to have a CISSP and start thinking about these as leadership positions with a security focus.
____________________________
Guest Brian Bobo On LinkedIn | https://www.linkedin.com/in/brianbobo/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
LinkedIn thread that inspired this conversation: https://www.linkedin.com/posts/brianbobo_stop-requiring-cisos-to-have-a-cissp-i-don-activity-6841017539837997056-HGwu/
____________________________
To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine? 👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
We keep hearing the mantra that CISOs and CSOs need to be business leaders. So how come we keep seeing job descriptions and hearing about interviews that focus on the technical certifications like the CISSP and many others? That's exactly the question posed in a post on LinkedIn that caught our attention - and that of many others!
Join us for a candid conversation with the post's author, a current CIO and CISO, Brian Bobo, as we explore the realities of what a CISO should be focused on and why relying on a technical security certification could turn the business looking in the wrong direction and leaving their risk profile in a bad way.
From The LinkedIn Post I don’t post much but I need to go on a bit of a rant. I earned my CISSP years ago. As I am updating my CPEs to stay current I realize that almost nothing I do as a CISO counts for CPEs, I don’t even see a place to document incident management. And what does count can only really be categorized under the Security and Risk Management domain. Presenting, educating, serving on ISC(2) boards are all well and good but they still don’t make me a better CISO. There is nothing about strategy, leadership, presenting to a board, incident management, etc. As a CISO, strategy and leadership should be your focus. You should hire then allow and enable great people to do their jobs. So we need to STOP requiring Directors and above to have a CISSP and start thinking about these as leadership positions with a security focus.
____________________________
Guest Brian Bobo On LinkedIn | https://www.linkedin.com/in/brianbobo/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
LinkedIn thread that inspired this conversation: https://www.linkedin.com/posts/brianbobo_stop-requiring-cisos-to-have-a-cissp-i-don-activity-6841017539837997056-HGwu/
____________________________
To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine? 👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast? 👉 https://www.itspmagazine.com/podcast-series-sponsorships
Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis
Dansk
Danmark