Not long ago, Gartner research reported on new challenges and responsibilities of IT leaders, concluding that the traditional roles of the CIO and IT organization are far too limited for the quickly evolving digital world.
In the same spirit, Cisco published a report last year suggesting serious concerns about today’s Chief Information Security Officers (CISOs) in terms of alignment with their security teams, supply chain and incident response capabilities, plus the age-old challenge of securing board buy-in.
With that in mind, Doug Drinkwater, a writer for CIO magazine, interviewed several industry leaders on what CISOs will look like in 2020.
“The role of CISO continues to evolve in that the expectation now is that the CISO not only be security savvy, but also technically adept and business aware,” said Becky Pinkard, director of security operations at Pearson, in an interview with the magazine. “The right CISO is the ultimate weapon in the resource arsenal against cybersecurity issues.”
Like Pinkard, other cybersecurity leaders weighed in on what they see in the future for CISOs.
Here are a few highlights of CISO predictions:
- “New CISOs originate from other areas of the business areas already aligned to risk. Fewer will originate from an audit and compliance background but a closer understanding of legislation, governance and ultimately risk is important with a necessary skillset to demonstrate understanding in this area.” ~ Neil Thacker, information security and strategy officer at Websense.
- “The CISO role is becoming more business focused. My role is about influencing, stakeholder management, positioning and communication. My role is not terribly about making decisions, doing risk assessments or understanding the latest technology… It’s about getting the board’s head in the right place so they’re OK with spending money and putting resource into this, and that they realize the benefit in it. I think more CISOs will have to do that in the future.” ~ Andrew Rose, CISO at NATS
- “The CISO will become a subordinate role to the CRO, focusing back on technology whereas the CRO will have wider risks to consider.” ~ Phil Cracknell, information security consultant
- “The CISOs of 2020 will be more business aligned and business relationship oriented. They will be closer to the company’s assets with regard to assigning ownership and accountability.” ~ Neil Thacker, information security and strategy officer at Websense.
- “They need to be a much more rounded business professional. If they aren’t, they’ll get replaced. Because if the CISO goes to the board and talks about technology, viruses and TCIP packets, they will not be invited back.” ~ Andrew Rose, CISO at NATS
In all, CISOs need to “evolve [their] ability to act as the interpreter/translator between technology teams and business functions,” said Nic Wells, CISO at Arriva. “Be able to explain technology risks in the terms of a business such as exposure, reputational impact and financial risk.”
Read the full article by Drinkwater for CIO here.