Gartner says the role of the Chief Information Security Officer (CISO) is growing as the scope of digital business intensifies. Among board directors, 64% say their organisation is trying to significantly alter its economic architecture to put more emphasis on digital (revenues, margins, productivity, etc.). At the same time, 88% say they recognise cybersecurity as a risk to the business.
A great CISO can assess and prioritise the assets that need to be protected, understand and prioritise the risks to those assets, convey those risks in terms that boards can understand so that they allocate the necessary budgets, and identify and implement appropriate controls to protect those assets.
Apol Salud, chief security and digital officer at Gur Lavi Corporation, says the CISO mandate has moved from ensuring that the company is protected to one where the emphasis is on ensuring it is well-defended against threats and attacks.
He added that the role of the CISO has expanded beyond purely focusing on operations to now becoming an enabler of business. He contends that the CISO needs to be able to speak the language of business. He suggests explaining the value of cybersecurity in financial terms.
Salud believed that an effective CISO takes time to understand the position of the other parties and their KPIs. He opined that when people come to a table, they have interests they want to protect.
Successful CISO
Salud acknowledged that a CISO is a cybersecurity professional familiar with networks, systems, data and security.
“To be a successful CISO, you need to be a versatilist – both a generalist and a specialist. A versatilist is unique to a CISO’s role in that he or she has the technical acumen to understand the different technologies on hand, keeps a regular tab on the cybersecurity threat landscape, and is able to converse with non-technology professionals in terms they are able to understand and appreciate.”
Apol Salud
End of the road
While acknowledging that the CISO role is a relatively new position within the C-suite, the says “becoming a CISO is generally considered the final destination of one’s cybersecurity career path.”
A powerful and high-paying role, the CISO role is considered the final destination of one’s cybersecurity career path, according to Cybersecurity Exchange Council. But is it an end-of-the-road career path?
Salud argues that it depends on the person’s willingness to be a versatilist. In his case, he currently has responsibility for both the information technology team and the cybersecurity team.
The IT team focuses on a company’s network efficiency while the cybersecurity team seeks out weaknesses and vulnerabilities within a network’s security systems. For Salud, having both practices under one leader presents an opportunity to bring together sometimes adversarial teams to work together and propel the business to grow and move forward.
Click on the link to hear Salud share his experiences on cybersecurity and digital transformation development.
- How has the role of the CISO shifted in the current environment?
- When demonstrating business value, what is one of the most important strategies for CISOs to keep in mind?
- How do you juggle the differing expectations, interests, and demands of leaders in your organisation, as well as users, third-party business partners, regulators, and customers?
- Coming into 2023, what will be the key challenge facing the CISO?
- What makes for a successful CISO? What one quality do you think will prove most valuable to a CISO’s future?
- Where do you see the CISO career moving?