CISO CORNER: Interview with Ric Longenecker (for free today!)
(Editor's note: This premium content first appeared in the March 22 issue of Inside Security.)
Below is my exclusive interview, conducted by email, with Open Systems CISO Ric Longenecker about the challenges CISOs face on a daily basis. [The interview has been edited for readability and length.]
Inside Security: What do you consider to be key attributes of a CISO?
Ric Longenecker: The role continues to evolve into an executive role. Like any executive, a great CISO needs to be adaptive. The ability to understand the nature and position of the organization, then to identify and push the right change, is key. As with any executive and technical position, the CISO must be a strong motivator, communicator, and organizer.
IS: What would you say are the most significant security threats?
Longenecker: This depends on the organization and the potential risks that it might face. Overall, what’s most significant currently is the continued advancement of released vulnerabilities and large-scale automated attacks or those promulgated by specific organized groups. The pace of technology is moving so fast that IT and many organizations are having trouble keeping up. A case in point is the recent Microsoft Exchange vulnerabilities, where tens of thousands of organizations may yet be exposed. They simply can’t deal with it.
IS: What mistakes have you learned from while working as a CISO?
Longenecker: The biggest thing any CISO learns over time is the need to stay calm and carry on. New challenges and risks run week-by-week. When you’re starting out, you can get really worried about this stuff or become too vocal. This also applies within an organization, when security folks try to push initiatives too strongly without organizational buy-in. This can result in an early exit and doesn’t get the individual or the organization anywhere. Conversely, you need to develop a communication style that isn’t passive. "Speak softly, and carry a big stick" — as U.S. President Theodore Roosevelt used to say.
IS: Do you have advice for someone looking to start a career in cybersecurity?
Longenecker: The sky is the limit today, and there are many opportunities out there. Don’t be shy, but you must also be willing to put in the hard work to understand the fundamentals.
IS: How do you see the role of the CISO evolving over time?
Longenecker: The role will continue on the executive track. We’re already seeing this, as more and more leaders are winning positions without a true “security” background. Communication, soft skills, and leadership, as well as the ability to quickly ascertain risk, understand technology, and motivate talent, are relevant to the fast-changing and modern enterprise.