As information security professionals consider new opportunities, they must carefully determine whether the corporate culture is a good fit, says former healthcare CISO Jeff Cobb, who recently made his own career transition to security consulting.
"One of the important things for me, regardless of staying on the practitioner side or getting into the consulting side, as I chose to do, is a company fit and culture," Cobb says in this interview with Information Security Media Group. "For me, it's become more important over time."
Cobb recently left his role as CISO of Capella Healthcare in Tennessee to take on a consulting position at systems integrator World Wide Technology.
"There are jobs that, from the day-to-day ... roles and responsibilities that are outlined in job [requirements] ... are very similar. But I think it comes down to understanding an organization's culture, understanding the people, and how you fit within that culture and organization."
So You Want to Be a CISO?
Information security professionals who have aspirations to one day become a CISO need to first conduct some soul-searching, he suggests. "Everyone really needs to sit down and figure out ... what they really want to do," he says.
"As you shift from the more technical hands-on focus to more of the business side, it's sometimes hard to leave the technical pieces behind," he says. "But in addition, there's a whole set of things that start to hit your plate that you may not know or consider at first. Whether it's managing budgets, HR staffing - that's a big topic of conversation within security - the shortage of skills or ... how to find good talent. It's a lot more business-driven."
Those considering becoming a CISO must weigh the heavy responsibilities that come with the job, Cobb says. "You also have to be comfortable with the fact that on any given day, you could walk in and something could happen - a compromise or something [else] going on - and your executive management are going to turn and look at you for answers, for response, for remediation and all those things."
In the interview, Cobb also discusses:
- Tips for how organizations can better develop their information security workforce, even when dealing with tight resources;
- Career advice for navigating through mergers and acquisitions;
- How Cobb's former role as a healthcare CISO prepared him for his new consulting role;
- The biggest privacy and security challenges facing the healthcare sector in the year ahead.
Cobb is a principal security consultant at World Wide Technology, a $7 billion privately held systems integration firm based in St. Louis. Previously, Cobb served as the vice president of IT and CISO for Capella Healthcare, a Tennessee-based health system that operates 14 acute care and specialty hospitals in six states. He has more than 15 years' experience in information technology and security, addressing such issues as enterprise architecture, application systems, risk management and regulatory compliance.