Foreword

Newly promoted CISOs rapidly realize that the scope of the position they have taken on is often beyond what they have been prepared for. The nature of securing an enterprise is daunting and overwhelming. There are no simple checklists or roadmaps for success. Many of the technical security skills a CISO has acquired during the early portion of his or her career may provide a “sixth sense” or intuition, but technical expertise alone does not prepare the CISO for the business and leadership challenges required for success.

The Dunning-Kruger effect “is a cognitive bias in which unskilled individuals suffer from illusory superiority, mistakenly rating their ability much higher than average” (Wikipedia). Successful CISOs generally realize and admit to themselves how much they don’t know. In my career, I have met many senior security professionals and have noticed a common set of traits among those who are successful.

They generally exhibit a strong sense of curiosity, the ability to be self-aware, the ability to “think evil” (like the adversary), and have strong communication and critical thinking skills. They are open to new ideas, they invite debate, and they are adaptive in their thinking and positions when new information is presented. They develop leadership skills and build structures that enable balance. They also recognize talent and surround themselves with teams of capable security technologists who are the true experts. Excellent security leaders have learned that risk is not black-and-white and that balance needs to be applied. They are empathic and likeable. My friend Malcolm meets all these criteria.

In Managing Risk and Information Security: Protect to Enable, he distills the hard-acquired knowledge he has learned through his career as a business and security leader into a concise framework that enables CISOs to cut through the chaos of securing the enterprise. Absorb the lessons in this book and enrich them by continuing to experiment and innovate. Threats, organizational dynamics, and technology are constantly evolving and we as security professionals must apply the lessons outlined here and continuously adapt ourselves to the challenge.

—Patrick Heim

Chief Trust Officer

Salesforce.com, Inc.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset