Recently, I listened to a podcast by Dr. Eric Cole, called Cyber 9/11. In it he discusses what makes the difference between a ‘world class CISO’ and a ‘world class security engineer’. It’s all about the business. A CISO can’t walk into the board room and start talking about all the technical vulnerabilities or dangers of technologies, operations or development. They have to speak in terms that business professionals will understand or they won’t get any positive results. A CISO needs to be able to explain how a risk will effect the bottom line, and why implementing security can reduce that risk.
This is what ignited my brain when I was studying for the CISSP. Learning those risk formulas, showing how purchasing a security technology now will save the company money for a period of time, was all exciting to me. Learning business terms, and how to think like a manager to pass the test was what made me decide to shift my career. It’s all about thinking strategically, and not tactically.
As a product owner, my focus is driving the teams execution. I live in that tactical zone, making short term decisions reacting quickly to changing operational information. It’s completely shifted my brain towards that one way of thinking. I’m going to have to really go back to the drawing board and retrain my brain to get back to that strategic level again. Stay tuned for new content revolving around agile and cyber management topics.