Why do CISOs only Stay with you for 18 Months?

Are you an IT security specialist dreaming about being something more? Does your career have a ceiling?

What is a CISO?

In the past, businesses were run by a small senior management team headed by a managing director who reported to a president or board of directors. Below them were line managers with thorough knowledge of their own area but little else, often seen as narrowly focused specialists. Today the business landscape looks different: top leadership has senior deputies who are experts in their specific fields while also understanding the business development strategy. This is how the C-suite was born, including, in many organisations, the position of Chief Information Security Officer (CISO).

A CISO is responsible for establishing and maintaining the processes in an organisation that ensure information assets and technologies are protected and IT risks are reduced. Over the past decade, the presence of a CISO has become standard in the business, government and not-for-profit sectors. The growing number of cyber-threats and targeted cyber-attacks has led to rising demand for CISOs in companies around the world. At the same time, the media devote increasing attention to security breaches at international corporations, which lead not only to financial losses but, more significantly, to reputational damage.

The cyber-threat landscape has emphasised the CISO’s importance, raising the role to a new level. Many organisations now include their CISO on the board of directors and give them the authority to make important decisions.

Challenges faced by CISOs

When CISOs are part of the board of management, their challenges fall broadly into two areas. The first, which we can call ‘lost in translation’, results from the language difference between the CISO and the rest of the board. Technical people usually have a technological mindset: they are focused on their specialist tasks and processes. Before reaching board level they have often lacked the opportunity for true business engagement, even if they have experience as IT generalists. However, the role of CISO requires a strong balance of entrepreneurial understanding, business acumen and technical knowledge.

The CISO is a relatively new role and does not yet have a professional map. Today they manage a wide range of areas: security strategy, IT risk management, threat management, identity and access management, security performance management, IT compliance management, third-party security, and security architecture.

A CISO’s second challenge lies in choosing appropriate vendors for the solutions that help manage these areas. The market is overflowing with security vendors, solutions and specialists, and it is not easy for an organisation to select those that satisfy its exact business needs. It is essential to pay attention to the integrity of security solutions and their ability to protect a complex corporate infrastructure: having ‘just anti-malware’ is not enough; there should be multi-layered protection with flexible, centralised control. The protection should be ready to provide additional security measures beyond anti-malware, such as application control and data encryption. Given the diversity of corporate IT infrastructure, mobile and virtualised endpoints also need protecting. Moreover, it is not only specialised solutions that need to be implemented: expert services and support are also a very important part of corporate IT security. Given the complexity of the task, the more vendors and solutions that are involved, the harder it is for the CISO to develop and execute a truly dependable IT security strategy.

The latest research shows that people hold a CISO position for an average of 18 months*, and there is an obvious reason for that. This period coincides with the complete cycle of one IT solution procurement and implementation process, the results of which can demonstrate whether or not the CISO made a strategically correct decision. So choosing the right partners appears to be crucial for the survival of the CISO.

A few pieces of advice for CISOs

If your career goal is to become a CISO, the following steps should help you:

About Kaspersky Lab

Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe and providing protection for over 400 million users worldwide.
