1 From Technologist to Strategist
SANJU MISRA
I am glad that this book is broken into three sections: people, process, and technology. There is so much we need to do in each area to have a successful information security program. I hope to engage you to reflect on your career in information security.
In this chapter, I will share my experience and observations on making the leap from technologist to CISO. This evolution wasn't easy at times, and I often met with challenges, but it has also been very rewarding.
The CISO is a trusted strategist who has a seat at the table, both internally, speaking to business leaders about risk and what keeps them up at night, as well as externally, speaking to the board of directors.
In these contexts, it's not important that you display your technical acumen. It is assumed you have weighed the technical considerations as part of your viewpoint. Rather, your ability to transcend technical explanations and frame issues in terms of business risk is what allows you to be heard, to be understood, and to be successful in protecting the enterprise at a level appropriate for the risk tolerance of the company.
A Path to CISO
If you asked a hundred information security and risk leaders how they got involved in the field, I'm sure you'd hear some interesting stories.
I never thought about an information security career early on. I was a biology major with an interest in what computers could do for the field, but not in programming. I helped fellow ...