Chief Security Officer May Be The Job Of The Future That No One Wants

This is pretty accurate. Why? Because Information Security is almost entirely reactive. You can plug up a system as best you can while allowing key operations, sure. But after that point, you're responding to events you discover, typically after the fact because real-time monitoring on any effective scale is almost as huge of a money drain as the lawsuit. But, someone has to take the fall when events like Target or Sony happens. That typically lands on the CIO/CSO/CISO for not "doing their job". Even if it's a 0-hour hack.

That's the fun of the IT world. You're considered a liability, not an asset. Until the boss can't get their email. Then it's your fault and you better Foxtrotting fix the Golf Delta Sierra.

If we're honest the military and other government agencies aren't any better. Thus the OPM hack. Thus the creation of an entire new Army corps which is no one seems able to fully differentiate from the key competencies of the signal corps. In about 30 seconds I'm going to link to this from a discussion where an S6 is asking about why it's so hard to get people to listen to what's needed beforehand while everyone knows they will be blamed afterwards if it doesn't happen.

good info thanks