Sophos CISO maintains his sense of balance despite distractions

If being a CIO at an IT firm is a classic case of everyone thinking they know your job better than you, then being a CISO at a security vendor must be at least as tricky a proposition. After all, information security is about as complex as modern IT gets: a mulligatawny of technical challenges, ethical intricacy, morphing approaches and payloads from both internal and external enemies… with regulatory governance and brand reputation thrown into the mix as if that little lot weren't enough. But Ross McKerchar, CISO at Sophos, seems to maintain a sense of humour - and a balanced perspective - about it.

"Doing security at a security company can be a double-edged sword," he admits, wryly. "On a bad day it's like cooking for a bunch of Michelin-starred chefs but the challenges can be eclipsed by a senior management team that understands security and invests in security. CISOs can spend a huge amount of time justifying themselves; I'm lucky enough to start at a much higher level."

Another complicating factor of being in an IT-related role at an IT firm is the frequent requirement to show customers how the job should be done, but for McKerchar that's only a small part of the role.

"It's 90 per cent-plus internal," he says. "I do speak to customers but there needs to be a real, solid role spending most of the time doing it rather than talking about it."

The CISO role has settled down over the last 10 years after a period when it changed complexion significantly.

Martin Veitch

Martin Veitch is Contributing Editor for IDG Connect
