M both strategic and somewhat unique . Traditionally , these roles are treated as distinctly separate areas of responsibility , however , we ' ve deliberately chosen to have a single executive responsible for the overall technology of our company , while ensuring we provide the necessary IT solutions and services to our employees in a secure manner . This ties back to our overall philosophy that security is not just the responsibility of the CISO and security function , but that it must be a company-wide priority and responsibility for smooth operations .
The continued evolution of IT means that no longer is it simply a matter of IT departments having the sole responsibility for providing the hardware and software to end-users . Today , we ’ re dealing with never-before-imagined
CISOs must now work to determine where the organisation ’ s core business processes are hosted and how the backup and recovery of those environments and systems can be managed . levels of flexibility owing to paradigms like remote and hybrid work , Bring Your Own Device ( BYOD ) and cloud computing . This has expanded the security perimeter beyond what CISOs have direct control over – especially when you have SaaS applications and infrastructure in the cloud . CISOs must now work to determine where the organisation ’ s core business processes are hosted and how the backup and recovery of those environments and systems can be managed . This is significantly more complicated than when things were on-premise and applications were hosted behind the four walls of the organisation .
So today , the most important aspect of my role as CISO is to ensure my business partners have a detailed and precise understanding of our organisation ’ s security posture and how the technologies and processes we have in place support their business objectives . For a CISO , there ’ s perhaps nothing more important than framing your organisation ’ s security posture within the context of the business , so that non-IT business leaders can
BRIAN SPANSWICK , CISO AT COHESITY
For a CISO , there ’ s perhaps nothing more important than framing your organisation ’ s security posture within the context of the business .
participate in security-related decisionmaking that aligns with their business goals . This also means a change in mindset and learning new management skills . Once you step beyond the domain of purely being a security or technology leader , you need to be able to correctly articulate your point of view . With cybersecurity , you can never state anything with 100 % certainty ; many security professionals are wary of taking a strong stance . However , to appeal to business leaders , this is essential . CISOs often work hard to provide the facts and leave it to their partners to draw their own conclusions . But doing so would be failing to recognise that these peers don ’ t have the same security acumen . Strong security leaders aren ' t afraid to have a point of view , they state their assumptions and describe the context within which they draw their conclusions .
Finally , it is vital that CISOs keep learning . My approach to learning is a mix of wide engagement with the CISO and InfoSec community to discuss the latest cyberthreats and challenges , including through events , while I also make a conscious effort to do selflearning or research into current trends , techniques and threats . u