Wells Fargo CISO: Security should be viewed as business enabler, not innovation bottleneck

Matthew Finnegan | April 8, 2015
Baich said that security should be seen as a "business enablement" function within the enterprise, able to support growth initiatives.

"The role is becoming a very important one. One of the big indicators is that people with cyber security experience are being asked to be on public boards, to help them understand the risks that are associated with technology and security. The role is moving to the upper echelon," he said.

"Years ago you were trying to explain what the potential threats were. Today, you don't have to do that because the newspaper does it for you. So when board members today read about those things, they are thinking 'what is happening in this company, I would like to understand what we are doing, how are we closing those gaps, and what type of help do we need to get there?'. Those types of conversations weren't necessarily happening five or ten years ago."

'Voice of reason'

However, to ensure the trust of the wider business, a key responsibility for successful CISOs is to provide a sense of perspective on risk.

"First of all, be factual. Provide trustworthy information on the material state of the environment," said Baich. "There are various tools and technologies out there to help you do that, but try to shy away from opinion and personal view: here is the material state, here are the gaps, here are the recommended steps and here is the funding timeframe to get there. You have to be able to come in and not just identify the issue, but come up with a plan for how to resolve it."

"Second, not everything is 'the sky is falling'. They have to be the voice of reason. The most successful CISOs I know are actually calming the organisation, because when a 'Heartbleed' hits the press, people want to stay up for the next 18 days to secure their environment, but there are other vulnerabilities that are equally as bad that they have to get to."

He added: "Being a voice of reason is important, because if people go online they see all of these breaches and the reality is that there is risk with anything."

 
