Re: The Security Skills Shortage No One Talks About
@Ashu001 It is not necessary for Security to have a seat on the Executive board - some small companies do not have many on the board itself. What is really important is that the lines of reporting and accountability should be different. If there is no CSO/CISO, then have security report to some executive other than the CIO/CTO if they exist. IT and Security, although rooted on the same foundations, should eventually diverge to enforce a separation of duties and avoid the negative consequences of any conflict of interest.
On another note, I am sure that some of my students do not appreciate the amount of work they have to do, or the effort they must put into the communication criteria I like to impose, but I am not there to win a popularity contest. I simply want to prepare them for something they will surely face in their future work environments. It is gratifying to see how their work has radically changed for the better, though.