What will the CISOs of 2020 look like?
By Doug Drinkwater
Ever since its inception in the late 1990s, the CISO job has tended to be a very technical job. The CISO would likely report to the CIO and have a varied background as a system or network administrator, or perhaps as a security analyst in a security operations center (SOC). Almost all CISOs were male, with either experience in computer science or perhaps as a senior manager in the military.
However, this traditional view of the job has shifted in more recent years thanks not only to workforce diversification, but also to a growing desire for security to be more aligned with business interests.
As a result, today you’ll find male and female CISOs, from all backgrounds, offering a variety of skills and experiences. They may not be all CISSP qualified, but they know how to project manage, communicate, and to build a business case for information security.
Some of these next-generation CISOs have come from areas you wouldn’t necessarily associate with infosec, such as psychology, sociology and law.
However, the job is not an easy ride, despite the lucrative salary. The job responsibilities are ever increasing, the hours are long, and failure around any security incident almost always results in dismissal.
“The role of CISO continues to evolve in that the expectation now is that the CISO not only be security savvy, but also technically adept and business aware,” says Becky Pinkard, director of the security operations center at British publishing house Pearson. “The right CISO is the ultimate weapon in the resource arsenal against cyber-security issues.”
Neil Thacker, information security and strategy officer at web security software vendor Websense, believes that businesses will increasingly look for this person from other lines of business.