Wyoming’s Cybersecurity Conference
October 6-8, mornings, virtual
Free to government and students.
Nonprofits $15. All others $25.
Now offering POST and CPE credits!
Oct 7 Theme:
Security, Local – State – Nation
Protecting Wyoming’s Critical Water Supply & Infrastructure
Mark Pepper, WARWS
(Wyoming Association of Rural Water Systems)
Gregory White, UTSA
(University of Texas, San Antonio)
Moderated by Jennifer Kocher
(CyberWyoming Alliance Board Secretary and Wyoming Reporter)
As companies mature their security practices, they often hire both a Chief Information Security Officer (CISO) and a Chief Security Officer (CSO). This essay outlines the typical roles and responsibilities of each.
The CISO is the executive responsible for an organization’s data and information security. The role of CISO has recently been gaining popularity as a corporate position that protects against information security risks. The role was created to help organizations protect their digital assets, including computer systems and networks, from hackers and other cyber threats. The CISO works with other C-level executives, business managers, the security team, and information technology (IT) managers to effectively monitor and maintain the security of the company’s computers, networks, applications, and databases.
The CISO’s primary responsibility is to understand security operations and challenges in the current and future states of the organization’s business operations. In order to make effective business decisions, the CISO needs in-depth knowledge of the organization’s operations, functions, and business disciplines such as human resources (HR), compliance, and finance. The CISO is responsible for overseeing security operations; duties include evaluating the IT threat landscape, developing cyber security policy and controls to reduce risk, and auditing and compliance initiatives. He or she performs real-time analysis of immediate threats and triages threats when something goes wrong.
The CISO is also responsible for disaster recovery. Duties include developing cyber resiliency programs so the organization can rapidly recover from natural disasters such as flooding, earthquakes, and hurricanes, as well as from hacking or other security incidents. He or she determines what went wrong if there is a breach, and deals with those who are responsible (if they are internal). He or she develops the plan for avoiding a repeat of the incident or crisis. The CISO is responsible for developing and maintaining the security policy domains associated with information security, compliance, governance, risk management, incident management, HR management, and many more. The CISO is also responsible for ensuring that the organization adjusts to changing and growing compliance regulations.
CISOs are required to have at least a bachelor’s degree in security, IT, computer science, or a related field, with seven to twelve years of related experience and at least five years of experience in a management role. The CISO should have technical skills and should be familiar with various industry standards and frameworks such as SOX, HIPAA, PCI, and NIST. In addition to the bachelor’s degree, a CISO is typically required to maintain a certification such as CISSP, CISM, or CISA. The CISO should also have management, communication, and leadership skills, among many others. The median annual salary for a CISO is $164,000 with the lowest 10% and $229,000 with the highest 10%.
The CSO is the executive in charge of the security of personnel, physical assets, and information and data in both physical and digital form. The CSO is a member of an organization’s upper management team and works with both the security team and the IT team. According to the article on Investopedia.com, the CSO is responsible for developing and overseeing policies and programs used to mitigate or reduce compliance, operational, strategic, and financial security risks relating to personnel, assets, and other property. The CSO is responsible for leading risk management activities and overseeing strategies to assess and mitigate risk, thereby safeguarding the organization and its assets. The CSO is responsible for developing, implementing, and maintaining security policies and processes, identifying and reducing security risks, and limiting liability. He or she oversees network security architectures, network access and monitoring policies, and security education, training, and awareness programs. CSOs are responsible for making sure that the organization is in compliance with local, national, and global regulations. They are responsible for conducting independent security audits, especially in areas such as privacy, health, and safety. A CSO is responsible for conducting research and implementing security management solutions to help keep the organization and its assets and information safe. A CSO is also responsible for overseeing incident response planning, investigating any security incidents and breaches, and assisting with disciplinary and legal actions.
CSOs are required to have a bachelor’s degree in cyber security, IT, computer science, or a related field, as well as to maintain cyber security certifications. In addition to the bachelor’s degree and certifications, they should also have at least seven years of experience. CSOs should have a technical background and a proven track record in both technical and functional areas of security. They should have some experience with tools and systems such as identity access management, threat intelligence, security information and event management (SIEM), endpoint protection, and audit logging and monitoring. They should have a high-level understanding of compliance and risk. A CSO should have knowledge of contract management for overseeing the quality of security vendors. Therefore, good communication skills are a must. They should have management and leadership skills as well. The average salary of a CSO is $148,00.
Many companies saw slackened sales during the pandemic, but countless other industries continued to thrive. As society begins to reopen and the tide starts to turn toward growth and rejuvenation, you might be toying with the idea of becoming an entrepreneur. It’s an intimidating time to jump feet-first into a new business. Still, there are countless upsides to taking the risk. Learn why now may be the best time to start your cybersecurity business.
Business Ownership is More Affordable Than Ever
From bailout programs to startup funds, the pandemic has helped cash flow from government agencies and myriad other organizations – and that money is winding up in small business owners’ pockets.
No matter your niche, finding startup capital may be the easiest it’s ever been due to the pandemic. Not only are loan and grant programs available for struggling businesses, but local governments and programs aim to help new business owners launch their dream biz, too. Plus, it may cost less than you think to start a business; 21 percent of business owners invest less than $5K in their companies (Wylie, 2020).
Technology is Keeping Up (And so are the Providers)
The move to remote work is one positive side effect of the pandemic. Though it’s required some adjustment on the part of professionals and business owners everywhere, moving to online work has felt relatively seamless compared to yesteryear.
Technology is keeping up with the times, and pandemic-era pricing often means high-quality tools are available at a fraction of the price (or at least a free trial) (Cox, Turner 2021). You (and your team) can use video conferencing platforms, project management apps, document sharing systems, and more.
The result? More efficient work that’s just as collaborative as it would be in an office. In fact, some teams found they were more creative (and enjoyed shorter meetings) due to pandemic restrictions (Spataro, 2020). Connectivity is crucial for remote teams, but entrepreneurs who go it alone will also see how a suite of high-tech tools keeps the business flowing.
Plus, automation can literally keep working while you sleep. Whether you automate client onboarding or set up a chatbot to entertain online customers in different time zones while you’re away, technology helps you run your business more easily than ever before.
Technology Means More Digital Diversity
For budding entrepreneurs in the cybersecurity genre, business is positively booming. For one thing, pandemic-era business pivots mean many companies are transitioning their operations partly or entirely to online platforms. At the same time, consumers are demanding higher quality services, products, and security protections.
Consumers are seriously concerned about their privacy these days, and they were even pre-pandemic. As of 2019, 79 percent of Americans were concerned over how companies and the government used their data (Auxier, Rainie, Anderson, Perrin, Kumar, Turner, 2019).
In addition, COVID-19 has had an impact on cybersecurity, as the concept continues to be redefined. More online activity also means greater hazards in this modern era.
Now may be the best time to establish your managed services or malware cleanup business. Applications that help detect malicious cyber observables are also in high demand – so your great idea might easily find a home.
The enhanced digital diversity of COVID-era consumers means there are more people online, everywhere. Fortunately, even smaller companies (and entrepreneurs in other fields) are noticing that cybersecurity is more than just a trend. That means more potential clients for your business – and more cash in your pocket.
Outsourcing Can Happen Lightning Fast
While building a business takes plenty of effort and dedication, outsourcing can help simplify things. It’s unfortunate that unemployment reached an all-time high during the pandemic, but the plus for business owners is that many talented professionals are freelancing in their spare time. The increase in freelancers from 2019 to 2020 amounts to an eight percent boost; 36 percent of workers report working freelance full-time (Berliner, 2020).
You can hire an expert for every organizational need without onboarding a full-time employee. Outsourcing is highly beneficial because:
You can handle higher-level tasks while your team covers daily essentials.
Delegating means less stress and potentially more free time.
Outsourcing to an expert who can do things you can’t (yet) ensures a quality result.
You’ll likely find that hiring freelancers helps preserve your startup funds, too. Project-based tasks are the most cost-effective to outsource, especially when it comes to brand-building. Consider hiring a visual artist to create eye-catching ads. A branding professional can organize your promotional strategy. And a website developer can get your organization online in a snap.
It’s understandable if you feel apprehensive about investing cash, energy, and most of your free time to growing a post-pandemic business. But considering the present economic situation, you might be taking a bigger risk if you continue sitting on your big cybersecurity business concept.
Looking for ways to stay connected with the cybersecurity industry while growing your new business? Visit The Cyber Resilience Institute for up-to-date resources, tools, and more.
Board Member Jane Ginn has recently been honored by the OASIS Open organization. Each year, a select group of members is awarded the Distinguished Contributor designation for their contributions to open source projects and/or open standards.
Jane Ginn of Cyber Threat Intelligence Network, Inc. serves as Secretary of the OASIS Cyber Threat Intelligence (CTI) and the Threat Actor Context (TAC) Technical Committees. She joined the CTI TC at its inception more than five years ago, and has contributed hundreds of documents to the CTI document repository. As an ardent supporter of the TC’s mission, Jane’s work has greatly impacted the CTI community.
One of the most respected member-driven standards bodies in the world, OASIS offers projects – including open source projects – a path to standardization and de jure approval for reference in international policy and procurement. OASIS has a broad technical agenda encompassing cybersecurity, blockchain, privacy, cryptography, cloud computing and IoT – any initiative for developing code, APIs, specifications or reference implementations can find a home at OASIS.
The November Cybersecurity and Information Environment webinar is pleased to host the Cyber Resilience Institute’s (CRI) Doug DePeppe and Jane Ginn on November 17th at 3PM MST.
The CRI team will discuss the use of parallel hunting techniques – using social media and technical telemetry – to reveal disinformation and misinformation sources. Link analysis to conduct deep source checking helps analysts evaluate and connect influencers and trending hashtags to their sources, which is especially critical to reveal adversary nation-state influence operations, such as election interference.
Those interested will be able to join a Call to Action, facilitated by the National Cybersecurity Center (NCC), in which we explore opportunities to collaboratively increase cyber resilience.