What Makes CISOs Successful?

The CISO role has evolved over the past few years from tactical IT manager to strategic business executive. Given this transition, what qualities are most important for making CISOs successful?

To answer this question, I went back to the data from last year’s research report from ESG and the Information Systems Security Association (ISSA). I then cut the data by respondents' role to understand what CISOs think is most important. 

Topics: Cybersecurity CISO

CISO Perspective on the RSA Security Conference

I’ve spent a good amount of time talking to CISOs over the last few months to learn about their current priorities and how their jobs are changing. Of course, many of these security executives will be attending the RSA Security Conference in a few weeks. Based upon my meetings, here’s a sample of what CISOs will be looking for in San Francisco:

Topics: Cybersecurity CISO SOAPA

The Proactive CISO

I’ve spent a good amount of time speaking with CISOs over the past month and plan to write up a report about what I’m learning sometime after the RSA Security Conference. In the meantime, it’s become crystal clear to me that CISOs are becoming more and more proactive in their jobs in a few areas including:

Topics: Cybersecurity CISO GDPR

What’s on CISOs’ Minds in 2018?

I’ve just begun a research project on CISO priorities in 2018. What I’m finding so far is that CISOs are increasing their focus in several areas including the following:

  1. Business risk. Yes, CISOs have always been employed to protect critical business assets, but in the past, this was really executed with a bottom-up perspective – from IT and security infrastructure up to business processes. Fast forward to 2018 and CISOs are moving to a top-down view from business processes down to the technology. This broadens their view of risk and mandates that security controls work collectively to protect ALL the technologies used to accomplish business processes. This is a profound change that challenges even the best CISOs and security organizations.

Topics: Cybersecurity CISO identity management

Cybersecurity Job Fatigue

According to ESG research, 51% of organizations report having a problematic shortage of cybersecurity skills in 2018. This is up from 45% in 2017. 

Topics: Cybersecurity CISO ISSA

Why Do CISOs Change Jobs So Frequently?

Happy 2018 everyone – let’s hope that this is a good year for cybersecurity professionals and global cyber safety. 

Of course, an organization’s cybersecurity success is often a function of the effectiveness of the CISO. A strong CISO can mean the difference between functional cybersecurity and constant chaos. 

Topics: Cybersecurity CISO

CISO’s New Year’s Resolutions

Most people have a few New Year’s resolutions – lose some weight, exercise more, spend more time with the family, etc. Based upon ESG research and many discussions with cybersecurity professionals, here’s a list of New Year’s resolutions for enterprise CISOs:

  1. Lead the effort to make cybersecurity part of the organizational culture. ESG/ISSA research indicates that 24% of organizations claim that business managers still don’t understand or support the right level of cybersecurity. In 2018, CISOs must alter this cybersecurity ignorance and apathy. How? Make a concerted effort to gain the CEO's support. Establish regular communications with all line-of-business managers. Work to better quantify risk in ways that business managers can understand and act upon. Get involved with business process initiatives before software developers begin writing code. Push HR for more hands-on training. Walk the floor and meet employees on a regular basis. CISOs must push as hard as they can in 2018. Those that make a difference can have a personal impact on risk mitigation across the organization. Those that fail should be ready to seek other employment in 2019.

Topics: Cybersecurity CISO ISSA SOAPA

What Defines Job Satisfaction for Cybersecurity Professionals?

Everyone is busy writing their cybersecurity predictions for 2018 and while I haven’t published my list yet, here’s an easy call – the cybersecurity skills shortage will continue to be an existential threat in 2018. 

As a review, here are a few data points that lead me to this conclusion:

  • 45% of organizations claim to have a problematic shortage of cybersecurity skills in 2017. By the way, 46% of organizations claimed to have a problematic shortage of cybersecurity skills in 2016, so things are not improving.

Topics: Cybersecurity CISO ISSA

Cybersecurity Professionals Aren’t Keeping Up with Training

I’ve written a lot about the cybersecurity skills shortage lately, based upon data from a new research report titled The Life and Times of Cybersecurity Professionals, a collaborative effort by ESG and the Information Systems Security Association (ISSA). The report indicates that:

  • 70% of cybersecurity professionals believe that their organizations have been impacted by the cybersecurity skills shortage.

Topics: Cybersecurity CISO ISSA

What’s Holding Back Enterprise Security Technology Transformation?

Last week, I wrote a blog about the rapid cycle of innovation happening with security technologies today – I’ve never experienced a time when every element of the security stack is transforming.

New security technologies are arriving at an opportune time. According to ESG research, 69% have increased their cybersecurity budgets in 2017 and my guess is that they will continue to increase investment in 2018. And when asked which BUSINESS initiatives will drive the most IT spending, 39% of organizations responded, “increasing cybersecurity protection.” This means that business executives are buying into the need for cybersecurity improvements all around. 

Topics: Network Security Cybersecurity SIEM CISO cloud security ISSA