
COVID-19 Gives Rise to Next-Gen CISOs

Between managing digital transformation and overseeing security in the new COVID-19 normal, are we witnessing the rise of next-gen CISOs?

This hasn’t been an easy time to be a CISO. At the end of 2019, the main focus for many IT and security departments was a smooth transition into digital transformation. That all shifted in March when digital transformation turned into a frantic rush to make sure people had the right setup to work from home and CISOs were charged with keeping this patchwork of new connections to the network secure. Between digital transformation efforts and a new COVID-19 normal, CISOs increasingly need to pivot. Could this be the beginning of a next-generation CISO?

“As digital transformation drives organizations to become more agile and responsive, the CISO faces demands to quickly prove their worth as an enabling force, while protecting the business in an increasingly turbulent risk environment,” said Steve Durbin, managing director at the Information Security Forum (ISF), in a formal statement. “Becoming a next-generation CISO requires an individual to embrace and master new skills and disciplines, making themselves indispensable, future-proof and highly sought after.”

According to a briefing paper from ISF, many of the forces responsible for the evolution of the CISO’s role are coming from external pressures, such as the rush to digital technology, regulatory compliance burdens and disruptive events including COVID-19 or natural disasters. Internally, CISOs also must address changes in maturity models that measure security. “Increasingly, maturity models are being combined with risk management as a means of refining approaches to information security and helping it become more relevant to the organization’s way of doing business,” according to the paper.

Less Tech, More Talking

Initially, being a CISO was all about keyboards and command lines. Today, even though the technical connection is still there and still important, the CISO’s role has evolved so it is more closely linked to business operations and is more concerned with risks that could interrupt those operations. Where a CISO once was tightly connected to IT, they are now expected to have regular access to the board and be known around their organization for their advocacy of infosec, strong leadership and knowledge of how tech can be used to help the business.

According to Mark Ward, senior research analyst at ISF, the next-generation CISO is becoming less about tech and more about talking. “CISOs are used to having their hands on the keyboard, but they need to step away from that and get out and about, meet people and solve their problems,” he said. “It’s becoming a real diplomatic posting—partly because infosec as a discipline crosses the boundaries of so many other departments.”

And yet, Ward added, digital transformation has made times interesting for CISOs because suddenly technology is at the center of everything an organization wants to do. “CISOs should be well-placed to help with that, given their history and expertise with technology, and they should get deeply involved in the digital transformation,” he said. “That’s tough, as infosec has a reputation of slowing down change—often for very good reasons—but next-gen CISOs are changing that view.”

The Role of COVID-19

COVID-19 is, hopefully, a temporary situation, but its impact is going to be felt for a long time in the infosec community. According to research from Thycotic, spending on cybersecurity is going to increase due to COVID-19 as more technology is added.

“I believe this was a path and direction most organizations have been going down; however, it was always a lower priority,” said Joseph Carson, chief security scientist and advisory CISO at Thycotic. “With COVID-19, it has accelerated the investment into both cloud and remote working budgets, which includes the need for secure remote access and the ability to access from any location.”

Carson noted the importance of the next-gen CISO having a seat on the company’s board, as it helps ensure the technologies that support remote working environments are also secure by design. “The CISO needs to be able to speak the same language as the board,” he said.

The novel coronavirus certainly sped up the change whiplashing through organizations, which has put more pressure on CISOs to remain relevant, Ward added.

“Right now next-gen CISOs are fairly rare, but I’d imagine a lot of modern CISOs are going through a rapid evolution to that new status and developing skills that will reshape how they, and their organization, view them,” Ward continued. “It also gives them a great opportunity because the pandemic has galvanized cyber thieves to bombard organizations with attacks.”

CISOs are masters at handling adversity and can use that knowledge and skill to demonstrate their growing relevance in new ways. Next-gen CISOs, Ward said, will become known as trusted advisers across the organization, as their deep knowledge of tech helps them offer solid advice on technologies that can be used to get projects done so the organization can move on.

Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.
