Home » Security Leadership » Career/Staffing

World View: CISO Types Spotted 'In the Wild' at a European Security Conference

Sure the speakers droned on--but at least our daring CISO columnist won’t be deluged with marketing calls afterwards

December 03, 2007 — CSO — As I write this month’s column, I am sitting in the midst on a mind-numbing information security conference in a large country in central Europe. The speaker has a Ph.D. and has turned his back to the audience whilst he spends five minutes at a flip chart scratching out an organization diagram for best practices in implementing an organization-wide business continuity and disaster recovery test plan…zzzzzzz. I notice seven members of the audience take the opportunity to sneak out of the room. That got me to thinking about how CISOs from different countries communicate--or fail to.

First, there are the American conference speakers, who are either working for a European company (very rare), representing a U.S. company doing business in Europe (more likely) or stationed in a U.S. company headquarters but have come to Europe to survey their domain (usually the case). Their lectures are invariably full of pithy implications like, “Security is all screwed up, and if people would only do things the way I say then all their security problems would be solved.” I’m using literary license, of course, but that’s the way they typically come off to the audience. Also, their PowerPoint slides are notoriously devoid of any substance and full of marketing slogans stating why their company is the best in security. I’m guessing this is because their public relations department has deleted anything that might be deemed vaguely interesting on the grounds that it is intellectual property. What’s left, of course, are empty slogans, nice graphics and (usually) entertaining animation and music. It’s the conference presentation equivalent of a Big Mac and fries--tastes good but not particularly nutritious.

Next are the Brits. They’re famous for affecting a faux carefree, debonair attitude during their presentations. I think this is a hold-over from the days of bad ‘60s British TV drama. I’m guessing these people must have cut their teeth on sappy episodes of the Avengers. They probably fancy themselves a modern day Mr. Steed--gaily hopping their way across a globe full of intrigue and espionage whilst solving the most difficult cases with effortless grace, charm and nonchalance. Call me crazy, call me irresponsible, but if there is one adjective I would never use to describe an information security officer, it would be nonchalant. I’m sorry, but when a zero-day attack explodes inside your corporate LAN, you’re not going to turn to your