Christopher J Hodson M.Inst.ISP
Senior Director | Office of the CISO at Zscaler
My journey to CISO was initially more luck than judgement. I started out in the world of technology around 18 years ago within an IT position which ignited a professional enthusiasm for something which had always interested me when growing up: the inner workings of computers and the networks which support them. As experience grew and the professional certifications stacked up, I moved through the engineering, design, architecture and manager roles to where I am today.
I am fortunate enough to have seen first hand how our personal and professional reliance on technology has dramatically changed. Ten years ago, we as the IT department controlled what a user had access to and how they connected; now the user demands access to applications of their choosing at a time they specify and on a device and platform they stipulate – oh how the tides have turned. How do we keep up? In most cases, it’s a challenge but not an insurmountable one.
The external perception of information security has also changed dramatically throughout my career.
Our boards demand that we make their organisations ‘secure’ but don’t want esoteric technobabble in the way of business-justification. The CISO these days is must now have a professional toolkit of astute business leader, technical guru and possess a PhD in Powerpoint.
Consensus suggests that staying technical and having senior management responsibility are in some way mutually exclusive; I buck that trend. I believe the over-arching requirement of hands-on security leadership is to convey information security risks to board-level executives in terms which resonate with them and allow for balanced and considered risk management; a skill I have developed through engagement with a diverse range of stakeholders across market-leading organisations.
What is your role