Four steps to hiring the best CISO in an IoT world

Of all the new technology processes shaping the next wave of digital transformation, perhaps none is more prominent than the Internet of Things (IoT). As Phil Celestini, senior vice president and chief security and risk officer at Syniverse, reports, this technology is spawning a new ecosystem of interconnected networks and data transactions that is rapidly expanding and redefining how we do business.

But what’s often overlooked is that the IoT is also an internet of shared services and data. This fact is one of the biggest challenges for companies looking to integrate their businesses with the IoT, and at the same time ensure that attack vectors and associated risks are addressed. These defences involve various skill sets and teams led by the chief information security officer (CISO).

From a risk perspective, in fact, the public internet was never designed to be a secure environment. It was conceived as a network with built-in redundancy for academics and researchers to share data, not protect access to it. Consequently, it’s more a best-effort network than the best-in-class network needed to ensure the confidentiality, integrity and availability of transactions. Since the IoT’s premise is built upon connectivity, a malevolent attack that compromises this connectivity has the potential to wreak unprecedented havoc. Having the right leadership to drive your information security team’s success in defending against such havoc is crucial.

With this in mind, businesses must strike the right balance between staying secure and leveraging innovation to take advantage of advances like the IoT. A crucial part of this starts with selecting the best CISO, something I did several months ago with great success. Here are four factors I have considered when assessing candidates for the CISO position, based on more than 35 years of experience in high-risk operations and overseeing various facets of security for businesses, the FBI, intelligence community, and military.

4 factors for hiring a CISO

  • Security is in the title, but won’t be the only job: Security should be treated as a service that needs to be operated as a business within your business. That means CISOs need to understand their company’s strategy, business objectives and risks to truly provide value. In addition, there are benchmarks, best practices, and regulations that will dictate how information technology and data are to be secured. In this respect, CISOs can provide security and market insights that sales and marketing teams can use to create a strong corporate story about security posture to make your company stand out from the competition.
  • CISOs should openly communicate with the C-suite: A culture of security is supported by factors like how an organisation is aligned and how reporting is structured. When it comes to enterprise risk, a CISO should report as directly as possible to the C-suite. There will be differences based on an organisation’s size and maturity, but the closer access to the CEO is, the less “filtered” critical conversations will be. Risk-based decisions that a CISO needs elevated to the C-suite can sometimes be difficult to communicate to senior leaders, because those decisions will affect other stakeholders and rarely happen in a vacuum.
  • ‘Security’ has broadened: Twenty years ago, it was common to work in an organisation where “security” meant having someone in IT managing a firewall. But marketplace dynamics and consumer demands have since influenced how businesses operate and driven the need for professional information security staffs. Today, outside factors like regulations, legal requirements, and customer demands drive the need for robust security just to stay in business. CISOs should be armed with this knowledge and the right budget to enable them to define their security strategy in the realistic context of their business’s finances and objectives.
  • The best CISOs are the best students: CISOs need to be technically skilled, strong leaders and astute business managers. The CISO role is a journey, and good CISOs must be committed lifelong learners. The industry never stops evolving along with technology, which means threat vectors will continue to become more complex, as will data privacy laws and a host of other external “influencers” on the CISO’s role. This generates a constant need to maintain and refresh knowledge in order to adhere to sound risk-management practices.

The rapid growth of IoT devices and applications dependent on the public internet is opening a new era in connectivity – and vulnerability. As businesses seize the opportunities of this era, they risk leaving commercial data and systems exposed to a public internet never intended for that purpose.

Ultimately, companies that want to conduct business and transfer data with certainty, security and privacy must have a security strategy to protect their operations from the public internet, and a critical part of this strategy involves finding the right CISO. The four factors here offer a useful foundation for informing this process.

About the author

The author is Phil Celestini, senior vice president and chief security and risk officer at Syniverse.
