It's quite a challenge to help Citrix develop its products securely, keep its customers secure and keep the company itself secure, but Black also finds it quite rewarding. "In addition to being the corporate CISO, I provide oversight for Citrix products, where my job essentially is to define one framework and one set of standards and get everybody on board with a common vision," he says.
To achieve these goals, Black says that he has to engage with many aspects of the business, including sales, marketing, internal audit, design, engineering and business leaders. "It's more of a question of who don't I work with," he says.
When it comes to internal Citrix security, Black works closely with the physical security and safety teams. "We're running a converged security program, and the person that runs that--the physical side and the safety side--we're working incredibly well together and we're merging our two worlds together so we have visibility into our entire supply chain: products, services, people and data."
Given CISOs' ability to add value to all those critical areas, it's no surprise to learn security vendors are snapping them up.
"Security companies often don't realize that their products aren't doing what security people need. I have sales people calling me constantly saying, 'This widget will make you more secure. You don't understand how important this is to you.' Most of the time they don't have a clue what is important to me," Black says.
But that's exactly the kind of value that both Cowperthwaite and Moskites hope to provide to their new employers.
"Vendors need to hear the honest truth and help them understand practitioners. They really do. The fact that there's this chasm between vendors and practitioners and nobody trusts each other across this chasm is unacceptable. There is immense distrust across that boundary," Cowperthwaite says. "If I can help them breach that boundary and establish more trust, then I'd consider the mission a success."
Helping to build that trust, both with the vendor community and within the company's own infrastructure, was one of the things that attracted Moskites to her new position--plus she still gets to do what she's always done as CISO. "I am still a security officer at Venafi. I'm still doing the day-to-day securing of the company, writing security policies and procedures, but on a much smaller scale than at Time Warner. But only now as part of my job I actually talk to people about things that I'm passionate about. And that's very cool."
Sign up for Computerworld eNewsletters.