Businesses have done away with clunky closets full of rack computing in favor of the cloud. Soon the chief information security officers (CISOs) who used to sit in those hot, windowless rooms will be replaced by more flexible employees who understand the business side of their roles as well as they understand the dynamic nature of a career in cybersecurity. Having business and legal chops will become an essential part of adding value to a company as a CISO.
A new Forrester whitepaper, entitled "Evolve to Become the 2018 CISO or Face Extinction," provides a look into the future of a role that is becoming more varied and demanding than ever before. Here are five ways the CISO of today can start thinking and acting to become the CISO of tomorrow.
Asking management for money to prevent threats only works so many times. A fully technical explanation is not convincing for C-level executives who need to understand where the money is going and how it affects the bottom line. The number of CISOs who report directly to the CEO or president of their companies increased by 5 percent from 2012 to 2014, and that number will only continue to rise.
The evolved CISO paints a clear picture of why cybersecurity is a critical component of business, which also makes it clear why advanced cybersecurity (and the CISO role) are indispensable. A holistic understanding of information security is critical to business leaders who don't speak XSS or SQL but speak a lot of ROI and customer retention.
Instead of today's "hacking-prevention person," the CISO of the future will be an expert in matters of enterprise security and compliance. While the job description still includes preparedness for and responsiveness to all hacking activity, compliance with all pertinent e-commerce and cybersecurity regulations is rapidly climbing the list of priorities. Remaining compliant to avoid fines, liabilities and disastrous data breaches is critical to a business's reputation and bottom line — explaining this clearly to management while ensuring no compliance issues ever arise is the new normal for CISOs.
Moving forward, the order of a CISO's priorities will be essentially reversed. As a C-suite executive, the 2018 CISO will be expected to act as a go-between for high-level business management and IT teams in the trenches, ensuring that business goals and integrity are maintained by the cybersecurity team while also keeping a much closer view of what's happening in the boardroom.
Being the primary liaison between the business and IT will shift to the forefront of the CISO job description, while actually engaging in preparation or crisis response will be near the bottom. If your idea of a career in cybersecurity is all screens and no people, then the CISO role is not the job for you.
Some companies may do away with the title CISO altogether as they restructure to grow with current trends. Understanding that the role of a CISO is shifting toward the role of corporate information risk director is an easy and powerful way to understand the imminent changes in corporate organizational philosophies.
Future CISOs could come from a legal or business background just as easily as from a more traditional technical one, which means that the volume of competition is increasing exponentially. Being proactive with titles, terminology and goals is a great way to stay ahead of changes by helping your company (and yourself) remain relevant before it's too late.
Not everyone thinks a CISO has to be innovative — but the new one does. Understand your company's goals and create unique ways to help achieve them that still maintain your standards for security. CISOs will be uniquely positioned to understand business goals and cybersecurity realities, which means they can add value without adding risk.
CISOs should not just prevent losses, but also contribute to business growth, and this will only become more vital as the role continues to evolve. For more on how to dream big today and not risk getting left behind tomorrow, download Forrester's full report.