The Gap Between Knowledge and Leadership; Are CISOs Failing to Reach Their Own CEOs?


The topics to be covered at EC-Council’s upcoming Global CISO Forum address some of the wide-ranging challenges a modern CISO faces: technical conundrums, certainly, but with particular emphasis on the non-technical, managerial and communication challenges CISOs are required to master.

The Global CISO Forum aims to bring together CISOs from around the world


In a world where threats to information security and privacy are not only persistent and pervasive but also constantly changing, Chief Information Security Officers (CISOs) have their hands full. CISOs of organizations ranging from Fortune 500 businesses to the US government drive security strategy, disaster planning, business continuity management, and incident response, among many other duties. Add to that the task of communicating with boards that are historically unwilling to listen or unable to decipher technical jargon, and the role of the CISO seems more difficult than most. A CISO needs not only a tremendous technical skill set and the managerial acumen to handle large staffs, but also acute business sense. EC-Council's upcoming Miami Global CISO Forum was designed to give CISOs the opportunity to discuss these problems and share best practices.

One of the biggest downfalls of a security program is the failure of a board, CEO, or sometimes even the CIO to fully grasp the business implications of a spotty information security program. Some blame the CISOs themselves for failing to speak in a language that non-technical professionals can understand. "CEOs and boards are business people. Too frequently, infosec professionals speak in terms of threats or vulnerabilities or technology. They need to learn to speak in terms that business leaders understand, and the one thing they understand is risk." To be fair, the communication problem goes both ways: boards and other C-levels tend not to share long-term strategic plans with CISOs, thinking that technology generally, and information security in particular, don’t enter into business strategy. According to an anonymous source quoted for an article, some CEOs and boards "don't want to hear from them (security experts) no matter how well they communicate," she says. "And some CIOs and CISOs never see long-term strategic plans. How can they be expected to do anything if they don't know the plan?"

At the EC-Council-hosted Global CISO Forum, this gap in communication will be a major topic of discussion. One of the highest-billed panels of the Forum, entitled “How to Sell, Brand, and Integrate Information Security Programs with Business Objectives”, looks to tackle the communication problems outlined above. Gathering CISOs from around the world, the Forum aims to encourage information and best-practice sharing in a series of closed-door, high-level panel discussions. The event, running concurrently with the East coast’s biggest security conference, Hacker Halted, is by invitation only. With CISOs from high-profile organizations like Motorola Mobility, Sallie Mae, the FAA, Amtrak, News International, and many others, the Forum is shaping up to be a great chance for networking, learning, and information exchange. For more information about the Forum, contact Amber.Williams(at)eccouncil(dot)org.

About EC-Council

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. EC-Council is the owner and developer of the world-famous EC-Council Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), and Licensed Penetration Tester (LPT) programs, among various others offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies, including the US Federal Government via the Montgomery GI Bill. The US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) have certified EC-Council’s Certified Ethical Hacking (CEH), Network Security Administrator (ENSA), Computer Hacking Forensics Investigator (CHFI), Disaster Recovery Professional (EDRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (LPT) programs as meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals. Most recently, EC-Council has received accreditation from the American National Standards Institute (ANSI).

For more information about EC-Council, please visit
