“Recent attacks highlighting the foundational role of software in critical services—a dynamic encapsulated by the term ‘infrastructure is code’—are boosting calls for a new cybersecurity workforce component: a chief product security officer.
‘Many of these safety physical and safety critical product lines and highly regulated lines like medical device makers, and industrial environments have already been adding, whether it’s a chief product officer or a head of product security that is often peer to or even the superior to the [chief information security officer] who’s doing more enterprise security or operational risk management,’ said Senior Cybersecurity and Infrastructure Security Agency Advisor Josh Corman….”
“The rise of the CPSO is due in part ‘because the software failure has been growing in volume, variety and impact,’ Corman said. ‘I didn’t think I’d ever be saying this but we are in fact seeing national security-level cybersecurity failures from a series of accidents and adversaries and nation-states and regulators of course domestically, internationally and in the private sector are taking notice and taking action.’…”
“Corman said secure software engineering knowledge would be really important for the CPSO but that their activities could also involve threat modeling and a focus on security architecture pre-development, more penetration testing and coordinated vulnerability disclosure programs, [product security incident response] and risk management.
‘We hope that you start your journey,’ he said. ‘Whether you’re going to become a chief product security officer, you’re gonna work with one or you’re really gonna perform a subset of those functions. The increased regulatory scrutiny, the increased market demand gives you the opportunity to maybe redefine and forge another career path than you’ve had thus far. We’re in the face of significant turbulent technological changes, and these may be either threats to your old program or maybe even opportunities for you to insert and uplevel your game.’…”
Source: CISA Official Promotes an Emerging Cybersecurity Role in Wake of New Executive Order – By Mariam Baksh, May 21, 2021. Nextgov.