Being patient, persistent and practical were keys to success as a chief information security officer, Mark Dill, former security leader at Cleveland Clinic, says in an interview at HealthcareInfoSecurity.
"Operating within the culture boundaries of an organization is key" for chief information security officers, Dill says.
CISOs must be ready to answer tough questions from their board of directors, he says, and also build rapport with peers and those in the trenches within the organization.
One survey recently found that C-suite executives lack confidence in their CISOs and see them as scapegoats when data breaches occur.
"When you can always articulate the value of your program in unexpected ways or its contribution--that is important," Dill says. At the same time, CISOs can't be reluctant to pull the plug on things that aren't working, he adds.
"If something ceases to add value, whether it's talent or a process that's not working, or an old tool, you need to make tough choices and cut it up and free up opportunities to afford new things," he says.
Dill recently took a job at Kansas-based consulting firm tw-Security as a principal consultant, where he said he looks forward to helping smaller provider organizations with security preparedness.
The big breaches of last year have caused the CISO role to evolve. While in the past, CISOs were more focused on compliance with regulations and policies like HIPAA, they're now taking a more risk-based approach to tackling security challenges, according to Raj Mehta, a partner in Deloitte Cyber Risk Services.