Need to... (non-tech skills):
Have communication skills and marketing ability
Have global and cultural experience
Have regulatory experience
Be politically savvy
Have legal knowledge
Be the “process police”
Have imagination, creative thinking and problem-solving ability
Have a broad, holistic view of security (IT, OT, etc.)
Have project management skills while staying cool under pressure
Be able to balance engineering and “business sense”
Types of Information Security Officers
Technical ISO
Specializes in technical security issues, operations and monitoring
Manages endpoints and firewalls, and handles intrusion-detection and intrusion-prevention systems
Product ISO
Specializes in working with external parties
“Security by design” and “security by default” in product design and development
Securely using third-party SDKs and securely exposing APIs and microservices
Interpreting laws and regulations (e.g., GDPR, PCI, HIPAA), EULAs and T&Cs for all stakeholders
Business ISO
Specializes in information security issues related to the business
Securely implementing customer-facing technologies
Protecting customer information
Implementing enterprise security requirements, policies and procedures
Strategic ISO
Specializes in implementing security initiatives to achieve mission, goals and objectives
Responsible for presenting security to CxOs and executive management