CISO Trainings , Events , Infosecurity Europe Conference
The New Security Leader: Less Techy, More Business-Savvy
Paul Watts of Information Security Forum on Balancing Cyber Risk and Business GoalsSecurity leadership has evolved significantly in recent years, moving beyond technical expertise to strategic partnerships within organizations. Security professionals now articulate business value and align with organizational objectives, according to Paul Watts, a distinguished analyst at the Information Security Forum.
See Also: OnDemand | Old-School Awareness Training Does Not Hack It Anymore
"The ratio between technical and business acumen for security leaders is changing. Technical ability is not necessarily a barrier to entry for security leaders," he said. "There are CISOs coming into the industry and into these leadership roles without a massive technical background."
Watts foresees a shift toward decentralized security management models, promoting agility and integration with business processes.
"There's a role called business information security officer," Watts said. "It's an increasingly fashionable interface between the security function and the business process. These are people who are taking a business-first, security-second approach to balancing risk with reward."
In this video interview with Information Security Media Group at Infosecurity Europe 2024, Watts also discussed:
- The ongoing debate about the CISO's role on a corporate board;
- The need to balance technical risk management with broader business objectives;
- The challenges security leaders face due to the stressful nature of their roles.
Watts has worked in information technology for more than 28 years, 17 of which have been as a security executive and CISO in a range of sectors including financial services, retail, critical national infrastructure, food and beverage, data analytics and market research.