This week we spoke to Dexter Casey, Global CISO of Centrica, to get his take on some of the industry’s polarising topics, from ‘should a CISO be technical’ to ‘what does the CISO of the future look like’.
What are the top 3 traits you look for when hiring direct reports?
Technical knowledge, positive mental attitude, adaptability.
What is the biggest misconception about being a CISO?
You are not accountable, the business is. If you report to the C-level CIO or CFO, or COO, you are accountable. So own it and force the issue.
How important are sales skills for CISOs?
Sales skills are incredibly important to a CISO. You have to understand that you are selling the features and benefits of small things. The big things like a firewall or anti-spam sell themselves because they are tangible. But the small things matter and you have to be able to normalise complex small things to make the business see the benefit, so think in terms of features and benefits.
What will the CISO of the future look like in 5 years?
The young CISO of now is the top CISO in 5 years because we are in the middle of a firestorm. Some people haven’t felt it but some of us have been feeling it for 8-10 years. I think the next big CISOs will be smarter and will short circuit many of the attack patterns we see now. Mainly because there will be a corpus of failure to learn from, but money and funding will be easier. It will be easier because of the uptick in attacks and the impact will open doors for the types of smart people who may not have fit the bill before but will be in demand when bad bad things start happening to important systems and companies.
What is the best part of your job?
The best part of my job is helping people see a risk they have not considered when I have the answer or know someone who does have the answer. The job of a CISO is not to win. It’s to make sure the Head of Incident Response and Head of Stability know they have your backing to do their job. So the business can serve its customers. To help your Head of Risk, Engineering or Architecture improve things and to help the Heads of Business feel confident in the technical aspects of your business’s propositions.
How technical should a CISO be?
A CISO, in my opinion, should be very technical. As technical as they can afford to be. Hacking, Cloud, Programming, Networking, ML. They should have a project in all these things. I’m sorry, this is an unpopular view, but there are many technically weak CISOs and I don’t agree with that. Go and be Risk Managers.
What is your most unusual interview experience? (either as the interviewer or interviewee)
My job in Vienna. My manager was uniquely talented. Interviewed me while in another meeting in two different languages but bonded instantly, only to get the offer mid-interview. He was on a conference call in German and French and asking me technical questions in English, which I answered, which changed the direction of his meeting and led to me being hired.
Favourite movie with a security theme?
24. Season 8 when Jack attacks Logan’s car.