Security Analyst Paul Watts on How the CISO’s Role Is Connected to the Business
Security is about more than technology, said Paul Watts, a distinguished analyst at the Information Security Forum. It’s also about people and process, he said, with the ultimate goal of adding value to what the business is trying to do.
Watts said his advice to security leaders – a term he said is more inclusive than “CISOs” – on how to achieve this goal is: “Put yourself in the business’s shoes. Be curious. Listen. Learn.” He said security leaders should pursue a “broadness of skills” rather than just focusing on the technology needed to add and remove security controls and meet regulations. Security leaders should be aware of costs and risks, he said – and if a business is in a situation where it needs to take on more risk, the security leader should support that.
In this video interview with Information Security Media Group, Watts also discussed:
- How adding creative people to the security team can help connect security to the business;
- Why security leaders need to learn the language of business;
- The need to market cybersecurity careers to future leaders as being about more than just pen testing.
Watts has over 28 years of experience in information technology. He previously worked at Mimecast, Kantar and Kingsbridge Educational Trust.