New Focus: Training the CISO

Two Major Universities Unveil Infosec Leadership Programs

A new focus is being placed on educating the bosses - chief information security officers and CISO aspirants - as information security becomes more vital to all types of enterprises.


Two educational institutions - Carnegie Mellon University and the University of Maryland - announced this week programs aimed at providing the necessary skills for those who lead IT security initiatives. Both institutions will hold classes beginning this fall in the Washington, D.C., area, where a high concentration of IT security professionals, many of whom may have their sights on leadership roles, live and work.

CMU's Heinz College CIO Institute is offering a CISO Executive Education and Certification Program. Maryland's Smith School of Business is offering a Graduate Certificate of Professional Studies in Cybersecurity Leadership.

These programs come at a time when organizations not only can't find enough IT security professionals to hire to meet their needs [see Infosec Job Growth Appears to Be Flat], but often lack the leadership to oversee IT security initiatives. In California, state CISO Keith Tresh points out that some state agencies have information security officers that lack IT expertise. His office is working with the state Office of Professional Development to provide the training to get under-qualified ISOs the needed skills [see Getting California ISOs Up to Snuff].

Sandor Boyson, academic co-director of the Maryland program, says organizations need leaders capable of designing and operating more resilient information technology systems that can withstand threats from hackers and business interruptions of all kinds. "Threats to cybersecurity are far greater than just technical concerns, impacting economic competitiveness, diplomacy and national security," Boyson said in announcing the program.

Still, having a better-informed CISO goes only so far toward an enterprise protecting its critical digital assets. "Having CISOs or CIOs with good security background is helpful," says Eugene Spafford, executive director of Purdue University's Center for Education and Research in Information Assurance and Security. "But unless the CEO and board of directors take security seriously, and view it as a fundamental aspect of business preservation and growth, then it isn't enough. Given the importance of computing in today's market, and the increasingly sophisticated and widespread threats, protecting IT and intellectual property within it are now a fundamental aspect of any significant enterprise."

Carnegie Mellon's program will emphasize strategic cybersecurity management through an independent concentration centered on leading-edge research by its faculty and researchers. According to CMU, the curriculum consists of 12 full-day classes over four months. Each class focuses on a specific subject and business case chosen by the instructor that addresses real-world cybersecurity challenges. Students will design, develop and enact a project that demonstrates application of CISO skills and knowledge within a real organization or work environment.

The Maryland program is based, in part, on research conducted by Boyson and co-director Hart Rossman in cooperation with the National Institute of Standards and Technology. "Sensitive security information and skills can no longer be confined to the IT department," Rossman says. "The country - and the world - needs cyber specialists who can think strategically, communicate opportunities and risks effectively and lead enterprise-wide initiatives."

Nine of the 15 credits needed to complete the Maryland program can be applied toward a master's degree. The program will launch with an intensive, day-long boot camp session where participants will map out a personal leadership development plan. Courses cover systems thinking and design, information cybersecurity technology, supply chain risk management and federal IT acquisition, according to the school. Additional support will be offered in the areas of leadership communications, managing innovation, leading change, negotiation and partnering, collaboration, and strategy. The program wraps up with a team-based capstone leadership project.

About the Author

Eric Chabrow


Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
