The Field Report with Tom Field

Which Comes First - the Banker or the Security Professional?

Which Comes First - the Banker or the Security Professional?

Say, you need to hire your next CISO. Do you hire a security executive who can learn banking, or a banking executive who can pick up the necessary security skills?

Let me back up: This question first arose when a security consultant friend visited a newly-hired bank CISO. We're talking a decent-sized institution here. But when the consultant asked some pertinent questions about banking operations ... well, it was clear that the CISO didn't even know how a check was processed. He was a security guy, fumbling to learn his banking business on the job.

So, we wrote a story about the topic, threw this question out to our readers, and here's some of what we got back:

"Without knowledge of banking, the CISO would have difficulty understanding the information they were hired to protect."
"Discussing whether we need an IT or Banking guy is like discussing whether a mechanical engineer or an electrical engineer would be better for teaching physics."

I don't say anyone is right or wrong, but I do point out: Increasingly, information security is a board-level issue. Top business leaders at banking institutions are having their feet held to the fire about security and compliance, and so you can bet that they're inserting themselves in lots of conversations about security matters. And whomever they're speaking to better be prepared to respond in the language of business - of banking.

As one banking/security leader told me just last week, "We really should be pursuing MBA's more than we should be pursuing Masters of Computer Science at this point."

This individual has worked with many banking institutions globally, and he says far and away the best CISO's he's seen have been bankers first, security professionals second. "If you understand that information security is only 25% technology, 75% people, process, procedure and policy, that alone drives you to understand that the person that is going to be successful is the person who understands the business and not the person who understands the technology."

Any dissenting opinions?

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.