Profiles in Leadership: Shannon LawsonPhoenix CISO on Navigating the Public Sector Security Landscape
Governance issues for public sector CISOs tend to focus more on shifting culture rather than maximizing efficiency for shareholders, as is expected from private sector security leaders.
The heightened visibility of an incident means municipal CISOs must ensure due diligence around procurement and deployment, so they can effectively explain their processes and answer questions from the city council in the event of a security incident, according to city of Phoenix CISO Shannon Lawson. He says effective security leaders can translate technical protection requirements into business terms that someone with an MBA can understand (see: Atlanta's Reported Ransomware Bill: Up to $17 Million).
"I've seen other CISOs try to pretend they know things that they don't," Lawson says. "One thing that distinguishes me from other security leaders is that I know where my technical limitation is, and I'll ask other members of the security department to explain something to me, walk me through it. And they appreciate that, and I appreciate them."
In an interview with Information Security Media Group as part of the CyberEdBoard's ongoing Profiles in Leadership series, Lawson talks about:
- How to translate security requirements into business terms;
- The areas of cybersecurity he's most passionate about;
- Advice for aspiring CISOs or those entering the profession.
Lawson is responsible for the information security and privacy programs for the fifth-largest city in the United States, which contains more than 30 city departments that service the needs of 1.7 million residents. Prior to coming to Phoenix, as the inaugural CISO for the state of Alaska, he was chosen to prepare and lead an aggressive security modernization program to help the state improve its information security posture. Lawson's previous positions include director of cybersecurity at the Naval Information Warfare Systems Command, command information assurance manager for Naval Information Warfare Center Pacific, roles at Asugar Technologies and SAIC, and membership on the National Security Agency's Red Team. He also served in the U.S. Navy as a cryptologic technician and an information warfare officer.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Join the Community - CyberEdBoard.io.