CISO Conversations: Verizon, AT&T CISOs Talk Communications Sector Security
The purpose of CISO Conversations is to discuss the role of the CISO and what it takes to be a successful one. Today we talk to Chandra McMahon and Bill O'Hern from the communications sector.
"I don't know that the CISO needs to be on the board," said O'Hern, "but at a very minimum the CISO needs to participate with the board. I think it is important that today, the board of directors understands the cyber risks that face the company and is well-versed in the programs, the posture, and how it gets executed within the business. I believe that in today's environment the CISO role has really evolved to be a true member of the C-suite, someone who sits at the table with the board of directors at least on a routine basis to continually update them on the posture of the organization."
"I think the best operating model for how a CISO can serve a company," said McMahon, "is where the CISO has regular interactions with the board of directors and where the CISO is present in the room with the board. They need to have a seat at the table from an operational or operating committee perspective, and for that they need to be able to be in front of the board directly."
"For privacy," she said, "there is a lot of legal involved. In Verizon, our chief privacy officer is an attorney. CISOs are not normally attorneys. So, the CISO also being privacy/compliance officer is not common in larger companies. But," she added, "I do think that combining the CISO with other functions makes sense in certain conditions - so if a company has a really great CISO, challenging him with other functions makes a lot of sense."
"I would guess that any CISO sitting in a CISO chair today does not have a cybersecurity degree, because they didn't exist five years ago. None of us went to college to become a CISO or CSO - we all came out of different fields. We all arrived at our chair not by some formal education but on-the-job learning."