CISA Official Promotes an Emerging Cybersecurity Role in Wake of New Executive Order 

Recent attacks highlighting the foundational role of software in critical services—a dynamic encapsulated by the term “infrastructure is code”—are boosting calls for a new cybersecurity workforce component: a chief product security officer.


“Many of these safety physical and safety critical product lines and highly regulated lines like medical device makers, and industrial environments have already been adding, whether it's a chief product officer or a head of product security that is often peer to or even the superior to the [chief information security officer] who's doing more enterprise security or operational risk management,” said Senior Cybersecurity and Infrastructure Security Agency Advisor Josh Corman.


Corman and Veracode Founder Chris Wysopal hosted a session Thursday during the RSA conference on why organizations should consider onboarding a CPSO.


“The idea is we need this new individual, to do something that, you know, spans many different departments now,” Wysopal said. “It spans engineering, it spans compliance, it might span your supplier management. It certainly spans information risk, but it's changing, and we're not sure that the CISO model really fits for what's needed for the future so that's why we're really calling for a CPSO now.” 


The rise of the CPSO is due in part “because the software failure has been growing in volume, variety and impact,” Corman said. “I didn't think I'd ever be saying this but we are in fact seeing national security-level cybersecurity failures from a series of accidents and adversaries and nation-states and regulators of course domestically, internationally and in the private sector are taking notice and taking action.”


Before joining CISA, Corman was a chief security officer heavily focused on product security and founded an organization called I Am the Cavalry, which emphasized the physical harm possible from software-enable ..
