Letter from Kevin West, CEO, K logix

How We Measured Progress in 2016

When I speak with CISOs about measuring progress, they often talk about their efforts to enhance their engagement in the Boardroom along with their impact on tangible and positive business outcomes. Some CISOs speak about making operational progress, such as improving proactive defense strategies.

When CISOs complete projects, they should reassess their security programs, since the playing field has likely changed. Any type of project modifies the risk landscape and affects the organization. This in turn means the approach moving forward must align to those changes. Each time CISOs complete a project, they earn the right to stop and assess where their program is, and where it is headed.

Some CISOs are already taking this approach. For them, tracking progress is an exercise in adaptability. Our industry simply moves too quickly to set specific plans for even a year out. DocuSign CISO Vanessa Pegueros tells us she is focused on agility and growth, just like the company itself: “We are a high growth, fast moving company, so I ensure we have an agile roadmap and planning horizon. Things can change quickly, so we must be flexible since new priorities and challenges can come from every business deal. One of my biggest realizations is instead of a one year roadmap, I narrow them down to the current quarter and two quarters that follow. I don’t push my team to predict the future anymore.”

When CISOs look beyond their own organizations to the progress our young industry has made, there is a lot of excitement and optimism about the impact security professionals will have on business in the next few years. For example, Steve Bartolotta, CISO at CHNCT, says, “The major trend I am hearing about is that more and more CISOs are coming out of the IT department. I would estimate 50% of my peers are no longer [coming from] IT, which is great.” For Bartolotta and his peers, though, it’s not just about having autonomy outside of IT, it’s about making progress with the Boardroom. “At every forum I attend, boardroom reporting and visibility is always at the forefront of discussions.”

Within this Feats of Strength, we have reconnected with Pegueros, Bartolotta, and some of the other CISOs we profiled before, to understand the milestones they have reached in the last year, and how those accomplishments have changed their landscape. Also in the magazine, we profile leading CISOs like Corey Scott of LinkedIn, who says that he is tracking internal and external milestones and communicating them company-wide: “We report on our performance to my direct manager and CEO, but also horizontally to the head of IT, legal counsel, the internal audit committee and engineering leadership. We want a lot of people to be aware of our organization’s performance.”

Security professionals lived 2016 at lightning speed, just like they have every year for the past decade or more. The pace of change and innovation in our industry is staggering. The progress, both tactical and strategic, is dramatic, but there is still more to be accomplished. As our industry continues to move things forward, we must remain focused on our joint objective: to improve business operations through security innovations. With that objective as their focus, CISOs in 2017 will continue to amass milestones, reassess their posture, and make further advancements.
