Using the Internet, find a recent feature article about a CISO or other IT profe
Question
Using the Internet, find a recent feature article about a CISO or other IT professional with CISO job functions. If you work for an organization, you may use your CISO (a personal interview would be excellent). Write a short summary of that individual and how he or she came to hold that position. Include current responsibilities. If you are able, include job challenges and experiences. The publications ComputerWorld and Information Week often have these kinds of features.
Specifications:
1.5 spacing, size 11 font
1-2 pages (at least 1 full page, but no more than 2 pages)
Your name in the header with the date
Explanation / Answer
Paul Rivers is a man with experience. He has 25 years of experience in the IT and Information Security industry. He has been with financial services, higher education and security consulting. Currently he is a CISO at Yale University.
Paul describes how he would like to work with people who understand how things work and know how to break them. When he was asked whether he would like to hire a hacker, he compared technical superstars to 'raw energy' which can be channeled to useful or destructive purposes. He explains why it is important for a technically strong person to have good judgement about risk, an understanding of the rules of the organisation, etc.
Paul believes one of the main tasks of a CISO is ensuring that information is presented and understood at the right levels within an organisation. He explains how it is important to bridge the gap between the technical and non-technical members of the organisation and make everyone aware of the challenges in information security.
The biggest challenge that Paul faced while making the shift from the financial sector to teaching and research institutions was cultural. He explains that top research and teaching institutions behave like a collection of small and independent start-ups, unlike financial services sector organisations, which have a single mission for the entire mission. He explains the challenges in adapting to the new culture, where missions are diverse and often unrelated across various departments.
Budget is always a challenge when working for a research and teaching institute, but that is true in other sectors as well, says Paul. There are some inherent characteristics of top-tier universities which make them challenging in the context of information security.
Practice is the key to handling an information security breach, according to Paul. Practising must involve people from different departments, including the CEO, Legal, Public Relations, etc. You do not want to be in a position of figuring out everything in a live security breach. Talking with other CISOs who have been through public breaches is important.
"Security is everyone's job" is a slogan very popular amongst information security professionals. People who are not involved in IT and security must also understand their roles and responsibilities in managing information security. Security scales from a single team to the organisation when the entire organisation has a concrete role in managing cyber risk.
The openness of higher education and universities is a challenge from the security point of view. It introduces more risk. He believes it is important in higher education to be able to triage all assets and devote resources to securing the high-risk assets.
Link to the interview: http://securityaffairs.co/wordpress/65390/breaking-news/interview-ciso-yale-university.html
Note: Please adjust the font size and spacing accordingly.