Security News > 2021 > February > CISO Conversations: Princeton, Cal State and Ohio State CISOs Talk Higher Ed Cybersecurity
It requires a special quality of CISO, and in this installment of SecurityWeek's CISO Conversations series, we talk to three of the best: David Sherry, Ed Hudson and Helen Patton.
"I've met female CISOs that I hugely respect, and I've met female CISOs I don't; and I think that's true for men as well. So, I'm hesitant to stereotype a class of people, male or female, as being more of this or less of that. I still look at the individual and the circumstance in which they work as being more important."
Most CISOs believe that the modern CISO needs to be both a businessperson and a techie.
"The easiest answer to where the CISO should sit is where he or she can have the most influence - and that depends on the vertical and the organization. But I believe the CISO should sit in the IT structure. I report to the CIO, as do many other CISOs - but I believe the best situation is to be equal with the CIO reporting up to whoever the CIO reports to." That time hasn't yet come, but Sherry believes it must.
"It is probably one of the more challenging areas, for CISOs in general, but certainly for CISOs in higher ed", he says.
"There are two flavors of CISO. There's the compliance-driven - I call that the Abominable No-man - who simply says 'you must', 'you shall', or 'we have to do this' - and I think you are going to be very frustrated if you are that kind of a CISO in higher ed. And then there's the one that casts the wider net, the more strategic net; so, the balance is how do we meet our compliance requirements and not be seen as, or construed as, or be a barrier to what the institution is trying to accomplish. And that's one of our more challenging issues."