.: comment fail for a rehashed thought on talent
I've tried for a good 15 minutes to post a comment on the HP site, but I'm being cockblocked pretty hard by captchafail (the sound one literally just made me laugh and give up; also reload and you'll see maybe 1 real word out of 20, and about 1 in 8 that throw in symbols or punctuation, wtf) and a general inability for Linux+Firefox to actually get the comment to work on this site. So...I'll post it here!

This is in response to Blending in with the furniture - responsibility vs capability in the CISO role.

"Great intro, and I think you framed the situation pretty much exactly for many CISOs or even security-minded persons in SMBs that don't have dedicated teams.

If I had to throw out a guess/suggestion on where you'll go to be a catalyst for change, I'd toss out the ability to have truly talented staff. That's not to say you need rockstars in the community, but rather strong IT-minded people who can troubleshoot issues and advise the rest of IT on things. I really think security people are often treated much like consultants, even when they're internal. Things go wrong? Blame security and their tools. But the secret side to that is it gives your team a chance to help out directly. It's not about showing up the other IT teams as being dumb, but rather positioning your team as being the experts and good people to turn to for difficult problems.

I feel that the quality of a CISO's staff, which may be related to how much budget you can spend on decent people (or keeping the gems you unearth), will have a direct relationship to success.

Ancillary: Being able to identify the talent in other IT teams, and not alienating and antagonizing them, but rather getting those key people to be allies."
