What is now required is political acumen, managerial experience and personal gravitas, more than raw technology skills. By JC Gaillard.
In spite of being widely used, the role of the Chief Information Security Officer (CISO) has only had a few decades of existence and is still evolving. Research from the Security Transformation Research Foundation — based on the semantic analysis of the content of 17 annual global security reports from EY between 2002 and 2019 — points towards the role having already gone through 2 clear phases in its evolution, as it heads into its third decade of existence.
The first decade of the century was essentially a “Compliance Decade”: Security was seen as a balancing act between compliance requirements, risk appetite and costs; the CISO was mostly a risk manager. The last decade has been effectively a “Realisation Decade”, during which cyber security started to be seen as a necessary barrier against real threats, in a context of increasing cyber-attacks and data breaches (in number and scale), massive technological change and the aftermath of a historical financial crisis.
The role of the CISO is entering its third decade of existence and it is likely to be an “Execution Decade” with cyber security becoming an imperative, as the “when-not-if” paradigm around cyber-attacks takes root in the boardroom. Follow the link to the full article to learn more!
[Read More]