
Defining our Future Security Leaders


BY STEPHANIE HADLEY, CONTENT MARKETING MANAGER

WILL AN MBA DEFINE OUR FUTURE SECURITY LEADERS?
What if I told you the next great security leader was a broadcast journalism major teaching high school students about video production last year? Are you dubious?

In our year-long conversation with current CISOs at enterprise organizations, the definition of a perfect security candidate has begun to emerge. Over and over again we hear CISOs say they are looking for team players who are strong communicators and advocates for security. They seek people who are capable of leading a discussion, and explaining the value of security in a simple and clear manner. Strong communication and business-savvy skills take priority over technical mastery. So, is a broadcast journalism major who teaches high school students really that unorthodox as a security leader?

This broadcast journalism student embodies all of the skills our future security leaders will need, according to her professor, Dr. Corey Schou, PhD, University Professor of Informatics, and a Professor of Computer Science at Idaho State University. Dr. Schou is also the Director of the National Information Assurance Training and Education Center at Idaho State University. The Center is shaping the next great set of security leaders via a partnership with the Federal Government. In exchange for a commitment to serve in the Federal Government, students in the program receive a scholarship to one of the nation’s first security-focused MBA programs. The two-year MBA program, which requires all of the traditional MBA coursework plus extensive time in Schou’s security lab, makes passing the Security+ test and CISSP certification a requirement. Schou reports that, after serving in the Federal Government, most of his students have achieved CISO-level agency positions within five years, and students are free to take their MBA and vast hands-on experience to the private sector.

THE VALUE OF AN MBA IN INFORMATION SECURITY
Just four years ago, 3 out of 4 CISOs said an MBA was not needed to be an effective CISO, according to an informal survey by The New School of Information Security. While it still may not be a requirement, business skills are an increasingly large part of the equation for a successful CISO. Professor Schou states, “If a security project is necessary, you don’t have to explain that to another computer geek in the company, you have to explain that to senior management, and to finance. So we make [our students] learn finance.” When it comes to carving out an executive management position, Schou says, “You have to have business skills or you will forever be a technician.”
In addition to Idaho State, other universities are now providing technical students with the business skills they need to be CISOs, and providing business students with critical information security knowledge. Bill Clements, Dean at Norwich College, which has a nationally recognized cybersecurity program, says, “Cyber awareness is a contemporary issue and we need to be educating all of our students about it, not just those in our information security program.” James Madison University, Worcester Polytechnic Institute, and several other universities also offer graduate-level coursework or MBAs focused on cyber security.

TRANSLATING ACADEMIC TRAINING TO BUSINESS SUCCESS
Many of today’s cybersecurity practitioners lack formal training or security-focused degrees, and have had to learn on the job. In large part they have been able to tailor the role to fit their unique skill set within the IT organization. Increasingly, the CISO role has gained prominence, with greater access to the executive team and the Board, and greater visibility within the company as a whole. With greater visibility, expectations for the role have increased as well. Executives now expect the CISO to participate in strategic conversations as a business leader with technical acumen. CISOs, like those who attended our CISO Leadership Summit, are making significant advancements in moving the security conversation from one of technology tactics to risk-based business strategy.

Young security professionals have an advantage in that critical success factors of the role have been articulated for them. While learning on the job will remain an essential component of CISO training, they will also benefit from years of classroom-based education and review of the case studies that came before them. Those emerging CISOs who are able to relate security practices to business goals and correlate security functions to business risk will be the professionals most likely to be welcome in the boardroom and become the next wave of security leaders.

BE PREPARED
WONDERING WHO WILL BE CISO IN 2040?

You might want to check your local Boy Scouts of America organization. Professor Schou reports that in his program more than 80% of all his students were in the Boy Scouts or an equivalent scouting program, such as the Girl Scouts. Boy Scouts are taught to be leaders. They are knowledge seekers, able to adapt to any situation and capable of addressing challenges as they present themselves. Sound familiar? Security professionals are wise to adopt the program’s motto, “Be Prepared”.

 

Read the entire Feats of Strength magazine here
