As Gartner argues that boards should be listening more to the CISO for advice, rather than treating them as the defender of the business, Hewlett-Packard CTO for Enterprise Security Andrzej Kawalec believes that the modern CISO requires less of a technical background and more of a risk-oriented one.
Speaking to ZDNet, Kawalec pointed to the more balanced professionals that he sees as the new generation of CISOs.
“It’s no longer just computer science, cryptography majors. We’re seeing lots of lawyers, lots of people with MBAs coming in, social scientists coming in. They’re really interested in privacy, the nature of relative security in organisations, and how you manage risk, not just in how many types of cryptographic [algorithms] and quantum physics you can apply.”
Kawalec said that the role of the CISO has been ill-defined, partly because it keeps changing in response to rapid technology changes, and that it doesn’t necessarily require a technically minded individual.
This means that the CISO, although long viewed as the person the board goes to for technical matters, doesn’t necessarily have to have technical expertise.