After a series of high-profile data breaches last year, many Washington-area companies began hiring in-house cybersecurity staff. Cvent, the McLean, Va.-based event-management software company that went public in 2013, has announced a search for its first vice president of information security to lead a team of technologists in finding ways to protect the company’s data.
To understand what the move means, The Washington Post spoke with Dwayne Sye, chief information officer at Cvent. The interview has been edited for clarity and brevity.
Information security is a moving target, and it moves faster and faster every day; there’s an understanding that what is secure today isn’t necessarily secure tomorrow. The goal of getting the right person in this role is to stay ahead of that process. We need people who are proactive and thinking entrepreneurially, always articulating a strategy and leading a team that’s effective.
This is a new position. We’ve built a solid team of information security professionals in recent years, but with the growth of this company, it’s time to invest in it more heavily.
We’ve had people focused on this from the get-go, and we carved out information security as a separate team in 2006.
There are increased expectations now that we’re a public company, and we need to make sure we have independent representation for information security in the executive suite. We are going after larger opportunities and more sophisticated buyers. These types of customers are more knowledgeable — they have higher expectations as far as information security.
The first piece is incident management and response. That means looking at the real-time activity of our site, responding to what the logs are telling us and what we see in the information that we have. The second aspect is Web application security, making sure we’re baking security into the new products we develop.
And then there’s policy and compliance — making sure we’re in line with known and respected compliance standards.
Your most secure system possible would be one that isn’t even connected to the Internet, but that isn’t realistic. I can make things super-secure, but that will alienate some users, so you have to be very diplomatic about how to do that.
Another challenge in our environment is figuring out how to measure and quantify information security so we can figure out the sorts of investments we want to make.
We’re looking for someone with clear, demonstrated subject matter expertise in information security, particularly as it applies to the software-as-a-service business. They’ll have to have deep subject matter expertise and also the ability to manage the technical people resources we already have.
How that translates to business is also really important. Information security is fundamentally a risk management problem. This person will need to figure out how that translates into the investments we need to make to adhere to different laws. So drawing a relationship between technical and business considerations is really important.
View the original content and more from this author here: http://ift.tt/1dVKeBB