The changing role of the CISO
Digital transformation has widely transformed the dependence on IT within companies, its security and the role of the Chief Information Security Officer (CISO), which is becoming more and more important.
But what makes a CISO successful? What does a typical CISO profile look like? Is the typical CISO part of the board? How is IT security going to be structured as a result?
CISOs have to evolve from internal advisors and technical experts reporting to the IT department to a fully independent entity that manage growing resources and business responsibilities with a focus on cyber security risks exposure and business issues. This ideal vision must be backed by organizational changes, but also by a change in the CISO culture.
CISOs are now more and more often heading cyber security units with internal and external resources that they must manage well, especially with the current talent scarcity. They must be full-time managers who take executive decisions. In the digital age, you must have full visibility and a holistic approach to manage risks in cyber security. Business knowledge and collaborative capacities are a must-have for CISOs to engage with other executives and partners, so they are able to assess cyber risks. Those changes explain why more and more CISOs are choosing to undergo Master of Business Administration (MBA) training. But some CISOs do not want to embrace this evolution and prefer to stay technical experts, and this could now be an issue for both the cyber security in their companies and their own careers.
Being a CISO is not just having a more gratifying title, it is becoming a full-blown executive who is one of the enterprise’s managers.
In 2018, teknowlogy interviewed 250 IT security decision-makers (CISOs, directors and heads of IT security, and others) on the future role of the CISO. Those interviews were based on a CATI (computer-assisted telephone interview) approach, with professionals from the Americas, EMEA & APAC. In addition to the quantitative study, 11 qualitative expert interviews were conducted. Our recently published SITSI® InBrief "The Changing Role of the CISO" summarizes the survey results and our analysis thereof.