Four steps to hiring the best CISO in an IoT world

Of all the new technology processes shaping the next wave of digital transformation, perhaps none is more prominent than the Internet of Things (IoT). As Phil Celestini, senior vice president and chief security and risk officer at Syniverse reports, this technology is spawning a new ecosystem of interconnected networks and data transactions that is rapidly expanding and redefining how we do business.

But what’s often overlooked is that the IoT is also an internet of shared services and data. This fact is one of the biggest challenges for companies looking to integrate their businesses with the IoT, and at the same time ensure that attack vectors and associated risks are addressed. These defences involve various skill sets and teams led by the chief information security officer (CISO).

From a risk perspective, in fact, the public internet was never designed to be a secure environment. It was conceived as a network with built-in redundancy for academics and researchers to share data, not protect access to it. Consequently, it’s more a best-effort network than the best-in-class network needed to ensure the confidentiality, integrity and availability of transactions. Since the IoT’s premise is built upon connectivity, a malevolent attack that compromises this connectivity has the potential to wreak unprecedented havoc. Having the right leadership to drive your information security team’s success in defending against such havoc is crucial.

With this in mind, businesses must strike the right balance between staying secure and leveraging innovation to take advantage of advances like the IoT. A crucial part of this starts with selecting the best CISO, something I did several months ago with great success. Here are four factors I have considered when assessing candidates for the CISO position, based on more than 35 years of experience in high-risk operations and overseeing various facets of security for businesses, the FBI, intelligence community, and military.

4 factors for hiring a CISO

  • Security is in the title, but won’t be the only job: Security should be treated as a service that needs to be operated as a business within your business. That means CISOs need to understand their company’s strategy, business objectives and risks to truly provide value. In addition, there are benchmarks, best practices, and regulations that will dictate how information technology and data are to be secured. In this respect, CISOs can provide security and market insights that sales and marketing teams can use to create a strong corporate story about security posture to make your company stand out from the competition.
  • CISOs should openly communicate with the C-suite: A culture of security is supported by factors like how an organisation is aligned and how reporting is structured. When it comes to enterprise risk, a CISO should report as directly as possible to the C-suite. There will be differences based on an organisation’s size and maturity, but the closer access to the CEO is, the less “filtered” critical conversations will be. Risk-based decisions that a CISO needs elevated to the C-suite can sometimes be difficult to communicate to senior leaders, because those decisions will affect other stakeholders and rarely happen in a vacuum.
  • ‘Security’ has broadened: Twenty years ago, it was common to work in an organisation where “security” meant having someone in IT managing a firewall. But marketplace dynamics and consumer demands have since influenced how businesses operate and driven the need for professional information security staffs. Today, outside factors like regulations, legal requirements, and customer demands drive the need for robust security just to stay in business. CISOs should be armed with this knowledge and the right budget to enable them to define their security strategy in the realistic context of their business’s finances and objectives.
  • The best CISOs are the best students: CISOs need to be technically skilled, strong leaders and astute business managers. The CISO role is a journey, and good CISOs must be committed lifelong learners. The industry never stops evolving along with technology, which means threat vectors will continue to become more complex, as will data privacy laws and a host of other external “influencers” on the CISO’s role. This generates a constant need to maintain and refresh knowledge in order to adhere to sound risk-management practices.

The rapid growth of IoT devices and applications dependent on the public internet is opening a new era in connectivity – and vulnerability. As businesses seize the opportunities of this era, they risk leaving commercial data and systems exposed to a public internet never intended for that purpose.

Ultimately, companies that want to conduct business and transfer data with certainty, security and privacy must have a security strategy to protect their operations from the public internet, and a critical part of this strategy involves finding the right CISO. The four factors here offer a useful foundation for informing this process.

About the author

The author is Phil Celestini, senior vice president and chief security and risk officer at Syniverse.
