What Would the Original CISO Do? Steve Katz on What It Takes To Be a CISO Today

So, in this post-Target world of retail breaches, advanced threats and polymorphic malware, what would the first CISO want to say to today's generation of security leaders - besides "Good luck?"

Steve Katz, former CISO at Citigroup and Merrill Lynch, starts with a quote from Alfred Sloan, the late CEO of General Motors.

"He had a plaque on his desk that read 'When you stop getting better, you stop being good,'" Katz says. "Now more than ever, the CISOs recognize they are on an incredible journey, and they have to keep getting better every day."

The threat landscape has evolved tremendously since Katz took on his first, groundbreaking CISO role. He was worried then about computer viruses and mischievous hackers. Today's security leader has to deal with hacktivists, organized crime and even state-sponsored attacks. The threat evolution has bypassed enterprise security controls, creating a gap that today's security leaders must bridge. Katz most recently served a stint as interim CISO at a major healthcare organization, and he sees a common security gap to fill.

"It comes down to the data," Katz says. "How effectively are you protecting access to data? How effectively can you ensure the integrity of that data? And how effectively can you ensure the availability of that data?"

In an interview about what it takes to be a CISO today, Katz discusses:

  • The state of information security today;
  • The biggest gaps between threats and security controls;
  • Key advice for today's security leaders.

Katz, who most recently joined the advisory board for CSG Invotas, has more than 30 years' experience as a CISO in the financial services sector and is widely recognized as the nation's first CISO. He organized and managed the information security program at JP Morgan. He then served as Citi's first CISO, during which time he built the first information security program in the industry. After Citi, Katz became the chief information security and privacy officer at Merrill Lynch, where he instituted a companywide privacy and security program. He has testified to Congress on information security issues and was appointed Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. Katz currently serves as executive adviser at Deloitte and an adviser to the executive committee of the Financial Services Sector Coordinating Council, or FSSCC. He is a member of the Avior Computing board of directors, and an advisory board member at Xceedium, Agari and Fortscale.



