Lessons in Cybersecurity Leadership

A lot of businesses say they prioritize cybersecurity and invest exorbitant amounts of money in hopes of preventing a data breach. The reality is money can't do it alone.

Todd Fitzgerald teaches Cybersecurity Leadership in Northwestern Engineering’s Master of Science in Information Technology (MSIT) program, and he says the money toss is the single biggest myth about cybersecurity. Without a larger security plan in place, throwing money at the problem is just throwing money away.

"Cybersecurity leadership is all about reducing the risk to a level an organization is comfortable with accepting," Fitzgerald said.

That opinion is based on Fitzgerald's experience leading IT and cybersecurity programs for Fortune 500 and other global organizations over the past 20 years. Fitzgerald's views on cybersecurity are also influenced by the more than 75 award-winning Chief Information Security Officers (CISOs), members of professional associations leaders, and cybersecurity standard setters he spoke with for CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers.

The book provides a complete guide for readers on how to protect their information by building complete cybersecurity programs and covers topics such as strategy, trends, technologies, structure, and risk management.

Fitzgerald shares these and other lessons with MSIT students in Cybersecurity Leadership. His goal is to help students understand the importance of data security so they can take the lessons learned in the course and apply them to their own work.

Fitzgerald, who also is a member of the MSIT Industry Advisory Board, said the first step any business should take in developing its cybersecurity strategy is to create a complete asset inventory to know what needs to be protected. From there, companies should focus on its most prized possessions — the information that impacts the business’s ability to operate and produce revenue.  

When Fitzgerald began his career in IT, security was primarily considered to be the department that granted access to files. Today, information security is a strategic leadership position necessary for organizations to protect their business. The significance of that shift is one he enjoys sharing with MSIT students so they recognize the role they can play in protecting their own companies and boosting their own careers.

“Cybersecurity knowledge is not just for those leading security organizations, but also for those leading IT and those interacting with IT,” Fitzgerald said. “MSIT students can demonstrate their understanding of not just the technical layers, but the leadership cybersecurity questions that need to be answered."