The CISO role has been around for almost 25 years and has steadily evolved over the past decade. CISOs were initially seen as pure technologists, practitioners and implementers of security controls to protect the critical assets of an organization. CISOs in the past were buried deep within the organization and less visible. Their level of authority was limited, sometimes unintentionally, by the Chief Information Officer (CIO), whose position was more of a C-suite role. The CISO had no independent function and was mostly seen as an overhead to business leaders.
Digital transformation and emerging technologies have redefined the threat landscape and contributed immensely to the evolving role of CISOs in organizations. Organizations are now looking to innovate and interact with their customers via multiple digital channels to improve performance and gain competitive advantage. These new technologies are now the primary and critical vehicles that drive business performance and enable the business. The emergence of new threats has put the spotlight on the CISO role, and there has been a shift in the expectations of the new CISO.
Today’s CISO cannot be just a technologist. The new CISO must be a business leader. They should see cyber threats as a risk, and most importantly as a business risk, not just a technical problem. Today’s CISO must work collaboratively with business leaders, be part of business decisions and contribute effectively, and provide insights on how security can partner with business leaders to achieve the objectives of the business. The new CISO should be an effective communicator with different audiences (especially with the Board of Directors), translating cybersecurity language into business language. The new CISO should be able to influence and effectively change the culture of the organization. The overall cybersecurity program should align well with the business objectives but should also be flexible enough to adapt to changes in business priorities. Risk management is one of the critical tools for today’s CISO to understand risk and how it impacts the business. The NextGen CISO is a C-suite leader who has the respect of other business leaders and is a critical strategist and resource for the business to meet its objectives.
I hope this gives some overview of the role of Chief Information Security Officer. Stay tuned for more.