The importance of having a CSO/CIO
There is one thing that almost every organization cannot be without, and that is the computer network. Computer networks in the workplace have become ubiquitous, and it is rather hard to imagine life without them now. Well with the advent of this modern day convenience to help us expedite our daily work duties is a whole other cottage industry. That would be the IT infrastructure required to keep all those computers, switches, routers, and other peripherals running at peak efficiency. It is rather nice to have all that shiny hardware and software to help us out, but we need a human interface to help us when things go awry with them. Part of that IT infrastructure is your help desk, your sys admin shop, and in some companies your computer security people. Just what do all these people do, for what are ultimately, their customers: the company employees? You might be surprised at just how much goes on in the background. Having such an IT staff also begs the question of just who represents them in the boardroom meetings? Well that would be the job of the CIO (Chief Information Officer) or CSO (Chief Security Officer).
Being a part of a large company is a little like being part of the human body. Various departments perform roles. From accounting, to sales, to marketing, to management, each has their own role. Without each of them functioning, things begin to break down. All of these various groups within the corporate structure have a common denominator. They all have computers to fulfill their duties. You could actually call a company's IT assets, both physical and human, a critical asset. While the system administrator or router administrator may do an excellent job, they are often not the best people to have representing themselves at the boardroom level. For that, you need what I mentioned earlier, ie: the CIO of CSO. These people have the requisite understanding of what the IT department brings to the table. Not only that, they are also the ones who also understand the business model, and how to sell the benefits of having an in-house IT shop. No one can dispute the technical prowess of Jack the UNIX admin, but he is woefully unprepared to face an IT steering committee.
Out of touch?
Personally, I am a computer security consultant so that would place me at the technical end of things. One of the favourite gripes of a lot of technical people I know is that the management end of their department is "out of touch" with their day to day reality. While I can understand their frustration at times, they also need to understand that the person they are maligning, has a thankless job. Imagine the following scenario if you will. All of the key players are assembled at the boardroom. Next year's budget is being discussed, and the CEO is looking for ways to increase profitability, or the company's shares. Each department does their best to avoid the fiscal axe to varying degrees. Next, the CEO trains her eyes on the CIO/CSO and says she believes they can cut 30% out of their budget seeing as there has not been any serious computer related problems that have affected the company. Little do the techies in the IT department know that at that precise moment a lot of their jobs hang in the balance and their only champion is that often maligned CIO/CSO.
This is very much the day the CIO/CSO has dreaded; the annual budget review. He or she knows that they have done an excellent job of keeping the networks running well, and incident free. The problem is that the CEO does not see the IT department as a money making asset, but rather as a large fiscal drain. She knows that she can outsource a large part of it. Also she knows that there have been no security incidents in the past year. Just what the devil is she getting out of that expensive budget? This verbal battle is very much the "raison d'etre" of the CIO/CSO. We all know that the IT department is not necessarily a money making endeavour, but it sure as heck is saving you money. The cost of cleaning up a worm infection, or having a company's intellectual property stolen can add up to the millions very quickly.
Tech skills + Business savvy = CIO/CSO
Our one friend is indeed the CIO/CSO who has the knowledge, and experience to convey the critical role that the IT department plays in the company's overall plan. Without having a voice at the boardroom level that can not only understand the technical aspects of an IT department, but furthermore also understands the business model of a company, many of us would be out of a job. The role of the CIO/CSO is obviously a critical one, and largely also a thankless one. They are often put in situations where they have to defend their reason for being, and also are often criticized by the people they are in charge of representing.
What the technical side of the house needs to remember is that the CIO/CSO is in all likelihood a university graduate with a degree. Many of which, are actually in Computer Science, or other such discipline. I would have to say that such a degree would certainly speak volumes about their technical background. Even looking at many of the job sites one will see a very extensive list of qualifications required for the position of CIO/CSO. So we can see that many CIO/CSO's actually come from a technical background, and have since progressed into management.
I have had the luck of working with some talented individuals in the recent past who exemplify the best of both worlds; business sense, and technical ability. Names such as Alex Arndt, and Al Williams readily come to mind. What both of these individuals have is a keen grasp of the technical and formal training in the management end of computer security. They both also realized that to progress in their careers they needed to move beyond being a single faceted individual. Realizing this, they undertook training to broaden their skill set, and thusly made themselves into a far more versatile employee.
What all of this goes to show us is that we all need to grow, and continue learning. We cannot sit back as technical people, and gripe about the managers around us. One should realize that the CIO/CSO is indeed a very skilled individual with a very broad and diverse skill set. To be quite honest many of us should attempt to emulate them. After all they are the ones in charge of us. We are not in charge of them. One does not get to such a high position on bluff alone, but on a combination of skills and drive. I would hope that we can all agree that the CIO/CSO is indeed our best friend in the corporate world we live in.