Role of the Modern CISO Matures

By Gary Hayslip, Deputy Director, CISO, City of San Diego

Ten years ago, as a network architect managing my organization’s network teams, I was surprised one day when my organization’s CIO walked in and said, “You are our new Information Security Officer in charge of both network and cybersecurity.” At that time, as the new CISO for my organization, there was no big difference in how I performed my job. My job was all technical: I managed my teams and kept software and hardware updated. As the new CISO I never spoke with executive management, I had some control of security projects, and I had very little input into my budget.

Fast forward to today and the landscape that today’s CISOs operate in and the role they fill have fundamentally changed. In today’s role as a CISO, one finds that not only must CISOs understand the technical side of cyber security; they must equally understand enterprise risk management and how both disciplines impact their organization’s ability to successfully conduct business. In today’s dynamic environment, companies that lead their industries are now recognizing that cyber security is a board-room priority. These companies have now come to the realization that through their CISO they can become “Operationally Resilient.” Through their CISO they can respond to and quickly recover from cyber incidents. Companies without a CISO, however, lack the primary individual within the organization who can provide them insight into its exposure to risks from today’s long list of security threats. Without a CISO, companies limit themselves from being able to recover fully from a cyber incident without great cost and potentially open themselves to legal repercussions that may have long-lasting effects on their ability to operate.

With this new role in mind, the challenges of today’s CISO have also exponentially changed due to the explosion of new technologies and a dynamically changing threat landscape. Due to these new technologies, many CISOs are now finding the perimeters of their organizations have dissolved as their companies employ solutions such as BYOD, Cloud, and Mobile Devices. This dissolution of perimeters has resulted in CISOs having to educate themselves on new, innovative security architectures and frameworks, and to understand compliance regulations, to reduce their organization’s exposure to risk.

As the role of today’s CISO changes, so have the skills required by this multi-dimensional position. Good CISOs are those with a strong technology background, good management skills and the ability to mentor and lead teams. However, with today’s ever-changing technology and threat environment, being a good CISO isn’t enough. Being a CISO in today’s threat landscape requires not only technology, leadership, and management skills; it requires new skills related to business. The role of the CISO today now requires new skills such as business acumen, risk management, innovation, creating human networks, and building cross-organizational relationships. The new CISO of today must be able to define their “Vision” of Cyber-Security to the organization, explain the business value of that “Vision” and secure leadership support to execute and engage the organization in implementing this “Vision”. To now be effective, CISOs require knowledge of multiple skill sets and must be a key member of their organization’s IT leadership team. I strongly advocate that today’s CISO is the one key member of the organization who understands the changing definition of Cyber and champions throughout the organization that cybersecurity is not just a technology issue but an enterprise risk management issue. Through proper engagement with organizational stakeholders including the IT & executive leadership team members as well as the strategic business partners, the CISO is the key member to reduce risk to their organization and ensure ‘Operational Resilience.’
