External CXO Relationships

What does a CTO consultant do?

Top Answer: Virtual CTOs mostly work with organizations looking for strategic IT alignment, validation, and an IT function that's only run in an operational mode. These IT functions have not yet reached the maturity level needed to have their own IT strategy and alignment with business objectives, so there's a disconnect. IT is busy running the day-to-day operational aspects, but it's not aligned with the business and its priorities. That's where I have been helping these companies as a virtual CTO. I try to understand the business, its customers and value proposition or core offering, as well as its functional and operational aspects to help align IT's capabilities to be more productive, efficient and futuristic. In certain cases, I also help with the other aspects of the business by doing things like competitor analysis, or showing them the benefit of embracing standards, like ISO 27001, or uplifting them to gain trust in other regional areas and provide more confidence to current customers.

What is the most important advice you can give the next generation of security professionals and CISOs?

Top Answer: Context is important. The path that one takes to being a CISO is very relevant and there are generally two paths. One path is to come up through the technical ranks. You understand technology at a certain level and you grow into management before ending up as a CISO. And the other path is to get your MBA. Among the MBAs that end up as CISOs, you’ll often find that they have never done security work hands-on, but they’ve gotten into that role because it has become far more business-centric than what it once was. I'm not saying either path is better or worse. They just come with different perspectives. I've met peers that couldn't break into something if I did it for them, but they're CISOs. And then I've met CISOs that come from a technical background and couldn’t talk to a board of directors if their career depended on it. A good balance of both technical skill and business acumen is what a CISO needs to succeed. You have to earn the respect of your cybersecurity rank and file, but you also have to be able to translate technology talk for the board and C-suite. You have to speak their language and that doesn't come naturally; it’s something you have to learn. Some CISOs see themselves as pure business people and will never have the respect of their actual cybersecurity ranks. But that's a mistake, because in the face of a real emergency, those people won’t be that effective. So my advice is: don't limit yourself in terms of your perspective. It's great to have the business perspective, and it's great to have the technical perspective, but this role is unique in that you need both.

What led you to get involved in multiple CISO communities?

Top Answer: I like sharing whatever I can to add value. But to me, it's a bidirectional activity. No matter how many years you've been in this industry, there's always something to learn. There's always a different perspective to absorb and I find that bidirectional exchange to be critical, even in terms of my day-to-day operations. One of the coolest things that drives me to get involved in different organizations is the sector specializations that appeal to specific populations. For instance, in New York, you find a more financial sector type of perspective. Down here in North Carolina, there's more of a healthcare perspective. On the west coast of the US, you're probably going to find more of an entrepreneurial perspective. Each one of those presents an awesome dynamic to bring together and learn from.