Most of us know, from a distance, what a Chief Information Security Officer (CISO) does. A CISO upholds the organization’s overall security by overseeing the information security practice, the IT security department and related staff. The position is typically among the highest paid in information security, a reflection of its responsibility for enabling the business in a fast-evolving threat landscape.

But is there more to this job than that description is letting on?

To find out, The State of Security reached out to several CISOs to discuss what the job entails in practice. We also asked them to identify important qualities that a modern CISO needs in order to be successful. Their responses help to illuminate the realities of working as a CISO and how this position has changed.

More Than Just ‘Cyber’

The CISO’s remit is not limited to security in the “cyber” space; its scope is much broader. Lou Klubenspies, Senior Director, IT Risk Management & CISO at PerkinElmer, Inc., makes this point clear:

For most people, sayings like “CISOs prevent breaches” or “CISOs defend against hackers” feel about right. People also believe that CISOs accept or sign off on cyber risk, but in fact, they don’t (and shouldn’t). A CISO’s job is to identify and highlight cyber risk to the business and then to build and operate an information security program that aligns to the organization’s risk tolerance. Cybersecurity is only one facet of it. The role is really about risk management in general; it often includes things like compliance risk and physical plant security, as well.

CISOs are ultimately responsible for managing these and other areas of risk. Technical expertise alone won’t get the job done, however. On the contrary, they need to exercise strong leadership skills (Read more...)