Most executives in a company are focused on building on the company’s strengths. The chief information security officer, however, must look through a different lens. The job of the security chief is to measure the risks to the business, and then to work to reduce them. That means focusing on weaknesses, namely on weaknesses in the company’s networks, systems, and business processes. It’s a big job that requires a comprehensive plan, strong skills, and a good set of tools.