CISO Success Requires Collaboration
One-on-One Meetings Between CISOs Aid in Tackling Challenges
And, he says, this enhanced collaboration is helping him gain a better understanding of how to do his job effectively.
"I'm personally benefiting from their lessons, but also sharing my experiences with them and then opening up a network, which has been very valuable," Schwartz says in the first of a two-part interview with Information Security Media Group. "If nothing else, the main thing I learned is the power of collaboration and the power of having this network that we all have as security practitioners, and certainly the network of CISOs I've been personally able to expand over the past year."
A year ago, the security products provider hired Schwartz as its first CISO [see RSA's CSO Tells Why He Took the Job] after it experienced an advanced persistent threat breach of computers storing data on its SecurID two-factor authentication product [see RSA Says Hackers Take Aim At Its SecurID Products].
Collaboration among CISOs isn't new; research organizations and vendors have sponsored gatherings that IT security pros have attended for years. But this new collaboration is more personal.
"More than ever, I've been feeling that we as individuals are also collaborating better," Schwartz says. "We're calling each other up. We're being more open about things that are bothering us, whether they're resource issues, whether they're gaps in programs, whether they're attacks that we've had, and sharing very specific information with each other.
"In the past, many of us looked at security as if this is the island that I live on, and I've got to face all of the challenges associated with living on this island on my own. Now ... it's just working with somebody else who has a good idea that's different from yours, it's the idea power of many, it's the power of all of us working together. It's very, very compelling, and has been a success factor for many of us that have been open to that kind of collaboration."
Schwartz, in the interview, relates a recent lunch he had with another CISO and explains what they discussed and how they benefited from the meeting.
In part two of the interview, which will be posted shortly, Schwartz explains how IT security organizations should adapt to new types of technologies and threats.
From 2007 to mid-2011, Schwartz served as chief security officer at NetWitness, which, like RSA, is an EMC-owned network security provider of real-time network forensics and automated threat analysis. Before joining NetWitness, Schwartz served as chief technology officer of ManTech Security Technologies, senior vice president of operations of Guardent and executive vice president of operations for Predictive Systems. Besides being CISO at Nationwide Insurance, Schwartz worked as a senior computer scientist for CSC and a foreign service officer with the State Department.