Skip to main content
October 22, 2015

The New Information Security Career Path for CISOs

New information security career path for CISOsAn organization's security posture is becoming a key success factor. As cybersecurity becomes more essential, the role of the chief information security officer (CISO) is rapidly evolving — and with it the information security career path.

A recent Forrester report, entitled "Evolve To Become The 2018 CISO Or Face Extinction," highlights how the CISO role is shifting to that of a business manager who specializes in change management and process oversight.

The nightmare of a data breach like those suffered by numerous large corporations in the recent past is increasing the responsibilities of modern CISOs. A data breach can have a dramatic, lasting impact on enterprises, including loss of revenue and reputation.

The principal problem is that modern enterprises have a huge attack surface area due to numerous interactions with third-party services and applications. Paradigms such as social networking, the Internet of Things and cloud computing are increasing enterprises' exposure, and the level of complexity of cyberthreats is rising dramatically.

As the report explains, security risks need to be carefully evaluated and mitigated, stating, "Business leaders are no longer able to turn a blind eye to information and cyber risk. Unfortunately, when they reach out to their S&R team, they rarely find the answers they seek in a language they understand."

An Evolving Role

With the rapid diffusion of technology in modern business and an evolving cyberattack landscape, new skills are expected of CISOs, whose responsibilities have come to include the development of business skills and relationships. Changes in the information security career path include the incorporation of new domains related to business and customers, such as privacy and compliance.

Traditionally, CISOs tended to focus on technology, but the evolution of the role requires them to add other corporate functions to their responsibilities, such as financial decisions and communications."The additional responsibility that comes with the changing role will mean that the CISO career path will look very different. CISOs will have to decide whether to stay on the technology side or develop the business skills necessary to keep their job as it moves into the new organizational structure," the report states.

A new information security career path is necessary to create a new generation of security leaders. Information will be even more critical for enterprises, and the modern CISO will need to have a deep knowledge of cybersecurity risks and privacy issues.

All aspects of IT compliance will come under the CISO's jurisdiction. As companies face increasingly complex environments due to interactions with third-party ecosystems, IT compliance will be another important challenge for security executives. CISOs must drive the organization's ability to collect and manage data from various sources, implementing proper security controls and authorization mechanisms.

The CISO of Tomorrow

As suggested in the Forrester report, CISOs have to modernize their role by following a self-improvement plan that includes a continuous training program covering both technical and non-technical topics. CISOs must understand the business of their organizations, and how they can align security measures to business goals. This is possible only if these professionals have a deep knowledge of the market and its evolution. These new leaders have to be able to create strong relationships with business partners, seeking out allies who can advance the organization and its goals.

New CISOs have to disseminate new ideas and initiatives in their organizations, driving new business opportunities that increase revenue and customer satisfaction, while improving the security of the enterprise.

The information security career path has come to a crossroads. The CISOs of tomorrow have to choose to either mainly support the IT sector of their companies or to become managers who are ready for new challenges and multidisciplinary skills and responsibilities.

The window of opportunity is closing, and the time to choose between evolving into a more business-focused leader or remaining focused on the IT agenda is rapidly approaching. It's time to make your move.

Photo Source: Flickr

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, Editor-in-Chief at "Cyber Defense Magazine," a member of the DarkReading Editorial team, and a regular contributor for major publications in the cyber security field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, and The Hacker News Magazine.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.