A CISO’s Day at the Fair

Published On: March 10, 2017

By Ed Snodgrass, CISO, Secure Digital Solutions

Last summer I played ‘whack-a-mole’ at the State Fair. The objective is simple – hit as many ‘moles’ as you can in the allotted time, and the more you hit, the greater the measure of ‘success’. But what’s the ultimate objective? The moles will just keep rearing their heads so long as the game is plugged into the wall. Is the measure of success to hit the greatest number of endless moles – requiring more people with more hammers – or to unplug the game, stopping the moles for good and eliminating the need for a hammer altogether?

In a perfect world, we as security leaders would be able to simply unplug the proverbial game and stop the moles, but that’s not always feasible. On some projects though, it might be. The real challenge is that there’s a preconceived notion of what the rules of the game are. They’re accepted at face value. The only way to deal with the mole problem is ‘x’ or “It’s always been done that way.” And when we step up to the game and give the attendant our money, the idea of unplugging it probably never crosses our minds.

There are virtually no limits to the number of “games” you have to play as a security leader, but as I have learned, the rules are often stacked against us when it comes to security project success. There is good news, but the solution may not be the one funding the after party at the next security conference. It may not be sexy, or the coolest thing to talk about with your peers, but it’s a cornerstone of project success – communication. A recent article on Fortune.com agrees.

“The biggest positive change any organization can make,” the BAE report summed up, “is not necessarily to buy the latest and greatest security product, but to improve its own internal communications.”

So, the moral of the story? No matter how much we spend on the latest and greatest technology, it won’t yield maximum value on its own. To get maximum value from our limited budgets, we need to make sure we are communicating why we are doing the project and the value it delivers to the business. In other words, if the goal of the project is to unplug the game, we cannot expect to achieve project success if the business communicates that the goal is to continue whacking the moles. I’ll take the ROI from a security project that isn’t “cool” but demonstrates clear business alignment and communicates value to the business any day, versus a project implementing the latest technology that is being pushed by millions in marketing, endless emails, and voicemails.

This is one of many challenges in our industry that I am passionate about solving and why we developed the TrustMAPP platform.
