What Would the Original CISO Do?
Steve Katz on What It Takes To Be a CISO Today
So, in this post-Target world of retail breaches, advanced threats and polymorphic malware, what would the first CISO want to say to today's generation of security leaders - besides "Good luck?"
Steve Katz, former CISO at Citigroup and Merrill Lynch, starts with a quote from Alfred Sloan, the late CEO of General Motors.
"He had a plaque on his desk that read 'When you stop getting better, you stop being good,'" Katz says. "Now more than ever, the CISOs recognize they are on an incredible journey, and they have to keep getting better every day."
The threat landscape has evolved tremendously since Katz took on his first, groundbreaking CISO role. He was worried then about computer viruses and mischievous hackers. Today's security leader has to deal with hacktivists, organized crime and even state-sponsored attacks. The threat evolution has bypassed enterprise security controls, creating a gap that today's security leaders must bridge. Katz most recently served a stint as interim CISO at a major healthcare organization, and he sees a common security gap to fill.
"It comes down to the data," Katz says. "How effectively are you protecting access to data? How effectively can you ensure the integrity of that data? And how effectively can you ensure the availability of that data?"
In an interview about what it takes to be a CISO today, Katz discusses:
- The state of information security today;
- The biggest gaps between threats and security controls;
- Key advice for today's security leaders.