CSOs warned to invest in training

IT security teams risk being isolated if staff aren't given business skills, warns Ernst & Young

Chief security officers (CSOs) have been warned to invest more in equipping their staff with business skills, or risk the department being increasingly alienated from the rest of the enterprise.

Seamus Reilly, head of information security at consultancy Ernst & Young, told IT Week that CSOs should be looking to "skill-up" individual members of their team who can make the leap from being hands-on technical experts to those able to deal with business challenges.

"There'll always be a core of people in security who will do [technical] security work and others will migrate to the top and have [business skills]," he added. "There'll also be a layer working as a bridge between the two and the more enlightened CSOs will understand this – those that don't will have a rough time ahead."

Reilly warned that CSOs which can't find the resources to train their teams to these ends may find the department becomes "divorced from the organisation and seen as a bit of an overhead".