Out of Focus

By Kevin Coleman
September 18, 2016

CSOs’ and CISOs’ responsibilities are very broad and highly dynamic. As technologies emerge, new schemes, scams and vulnerabilities pop up, CSOs and CISOs are challenged to rapidly respond, identify new issues and mitigate threats. Let’s face it: their plates are quite full. With the expanded threat environment and the continuously increasing number of information assets, CSOs and CISOs have become laser focused. What I find most interesting is that while the threat environment is expanding and the number of information assets continue to increase – budgets have not kept up. I do not know any CSO or CISO that has said "I have all the funding I need to protect my organization against cyber threats." If that has happened, it has to be very rare.

Given the lethargic economic conditions, increased global competition, and the general business environment, organizations still tigthen their budgetary belts. The trickle down implications have taken its toll on security budgets. While it may have begun with delaying new hires for the enterprise security department, some organizations have and continue to see staff reductions. Another common occurrence is the merging of security departments operating within a branch, division or sister company to one security department spanning those previously separate areas. And along with that reorganization comes staff reductions.  

An interesting comment was made recently while I was speaking on digital transformation. A female executive in the audience mused that high blood pressure and stress have now become occupational hazards for everyone involved in security. That is not far from the truth. With all of the new IoT devices, robots, wearable technology and more moving into the business environment, it is easy to see how the additional challenges could further raise blood pressures and stress levels.

CSOs and CISOs must open their vision and look at what is coming in the next three to five years. That requires a fair amount of online research and attending physical and virtual conferences. Once you determine the potential implications of all of this on security for your organization, you should estimate the risks and appropriate step to manage those risks. After all that work is done, analysis must be communicated to the organization so that other executives are aware of those risks, understand them and can plan and budget for them. YES – that is a substantial amount of work required, but your only other choice is to take a purely reactive approach. Surprise requests for budget increases do not go over well in any organization. In fact, they are a CLM, a Career Limiting Move! 

KEYWORDS: Chief Security Officer (CSO) CISO security budget threats

Kevin Coleman is a dynamic speaker, author, advisor, and visionary that provides riveting insight on strategy, innovation, and the high velocity technology. He was Chief Strategist at Internet icon Netscape and at another startup that grew to be BusinessWeek’s 44th fastest growing company. He has spoken at some of the world’s most prestigious organizations, including the United Nations, the U.S. Congress, at U.S. Strategic Command, and before multiple Fortune 500 organizations and briefed executives in 42 countries around the world.

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!