This page contains a Flash digital edition of a book.
Is the industry losing sight of risk management, though, I ask? “Not at the board or senior management level, because they’ve seen the impact of very signifi cant incidents”, de Crespigny says, confi dently. “The challenge is fi nding people that understand the business perspective, and can translate that into actions that leave their people focusing on the right topics.” At the moment, there are a signifi cant amount of large public companies in London seeking to appoint CISOs. “They’re looking for people that have the business infl uence capability, who can talk to CEOs in their language – not the language of IT”, de Crespigny says. This supports his argument that information security is best seated not within the IT function, but in the business stream.

Stroppy Teenager

Mr de Crespigny uses a fascinating analogy to explain just how far the industry has come – and still has to go. “We’re very much still in a late adolescent stage. If you think about psycho-social development, most security functions are still at a stage where they’re focused on the importance of self; being seen as capable and having an identity of their own. Adolescence is all about being independent, and being seen as strong; whereas in early adulthood, it is all about relationships.” “I think there’s a real issue at the moment around the maturity and development of a core profession, and particularly the importance of organizations in the public and private sector being much more open with each other”, he continues. “We need to move from this late adolescent stage into early adulthood”. The ISF’s objective is to facilitate the stage of ‘early adulthood’ for their members – enabling the collaboration of people with common problems and interests, and talking about how to solve those problems when needed. “The ISF is growing at a time when the economy around the world is still not particularly healthy, and it’s driven by this maturing approach to the way to solve the problem.”


During a revision of strategy in 2011, de Crespigny and the ISF determined key areas of focus: visibility, growth, and critical mass in key markets. “We need to be more visible externally on issues important to the public and private sector, and have invested more in public relations. The ISF is particularly focused on growing membership in Germany and the US.”

If the information security industry is in the stages of late adolescence, then surely its ‘teenage’ members will welcome a new social networking site with open arms? The ISF is launching a new member website based on enterprise social technology, which de Crespigny has been “actively involved in. ISF Live will be launched in July. There are features which will enhance the way our members can keep in touch”.

Skills Gap

American members of the ISF are reporting zero unemployment in the information security fi eld at the moment. Why? “Because there’s a

To support demand for highly skilled professionals, information security budgets are growing, providing the perfect opportunity for people to come in at the grass roots level. “I imagine MBA programs, in due course, will become of greater interest to people in security roles. At the moment, I don’t see a lot of people in security actually thinking about an MBA as a career development option, but I’m sure that will change.”

Life After the ISF

I’d quite like to get involved in industry-level consolidation for the plethora of standards that are creating fog and confusion

limited number of people that are really credible in this space”, responds the ISF’s CEO. “Now that boards and business ‘get it’, they need well-qualifi ed people to beef up their teams. So they’re out recruiting people, and at the moment they just don’t exist.” Without doubt, demand is outstripping supply.

“There are fantastic employment opportunities, and very credible universities and institutions offering well-regarded qualifi cations. [Demand for information security professionals] is not going to tail off.

It’s going to grow, and it’ll grow faster than the economy”.

Of course, not all ISF CEOs get a fast track ticket into the White House after serving their time, so I ask de Crespigny what he imagines his next move might be. “I’d quite like to get involved in industry-level consolidation for the plethora of standards that are creating fog and confusion”, he replies. “As the industry matures, there’s a need for this to come together at an industry level – I’d like to be a part of that.” While he doesn’t envision this happening any time soon, he is a strong believer in the concept of self-imposed fi xed terms, of which he judges fi ve to seven years to be the limit. “In my working life, the organizations I’ve seen suffer the most are the ones where there’s been a dominant chief executive who really hasn’t moved on.” As a result, he openly admits he does not expect to be in the role of ISF CEO until the day he stops working.

Perhaps that next move will be another of luck or chance, arising out of being in the right place at the right time. Or perhaps de Crespigny is in more control of his destiny than he allows himself to believe. His dream job of racing sports cars from the seventies and eighties (“before they became complicated by electronics”) is unlikely to become a reality, but de Crespigny settles for taking his “old Porsche out on racetracks every now and again” to get his adrenaline pumping. Perhaps, like the information security industry, de Crespigny has a little bit of adolescence left in him.

May/June 2012

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52