Defining the Role of a CISO During Digitization

The role of information security is rooted in information technology, whose origin was catalyzed by the development and adoption of the modern computer. IT, and eventually IS, was held separate because it was an enablement function. When IT was created, these teams worked with computers the size of conference rooms that needed constant care and attention. As the technology evolved, these teams became responsible for ensuring that the rest of the business units had the solutions they needed to run the business.

In the late '90s and 2000s, this meant developing hardware architecture and procuring or building various solutions. Security teams were still only starting to evolve during the rapid development of the IT function. Many CEOs and board members had little understanding of these new technologies invading their organizations, let alone the associated risks. During this time, technology was an enigma, and only the most dedicated students gained an understanding of how it operated. The result was information leaders selling their CEOs and boards on the idea that “this is the future.” As we have seen, these pioneers were correct. We see now that the information and, more specifically, information security professionals who have primarily operated on the periphery are taking center stage. They were the individuals whom the CEO called upon only in a crisis - a breach, a hack - and who served as a symbol to customers and stakeholders that the organization was taking information security seriously. The creation of the CISO role was based on reactionary thinking, yet the personalities that were attracted to this position were and are not reactionary. They were the proactive leaders who saw that the future is digital and helped their colleagues and superiors see it too.

Today, the digitization train has left the station - it does not take a master salesperson to convince the board and CEO that organizations need to digitize fast. While leaders may spout terms like cloud-based technology, design thinking, and agile project management, traditional business leaders have not been rooted in these technologies and processes for decades. The CIOs and the CISOs have. These information business leaders have been ingrained in the technology their colleagues want to adopt. As Gartner says - “CIOs may not realize it yet, but enterprise leaders may already expect CIOs to step up and are getting impatient.”

Digital Transformation as a Strategic Inflection Point

Digitization in any form, especially for an organization undergoing a complete digital transformation, represents an inflection point. The IT leaders are uniquely positioned due to compounding time investment in the technologies that CEOs want to implement. We are at a turning point for the role of the CISO.

We are on the precipice of realizing the full potential of the CISO position. Since the CISO position was created, these leaders have been the secret keepers - the person behind the curtain, keeping the company secure while everybody else did their job. The marketing team bought billboards, the sales team made cold calls, the operations team kept it all running, and the IT team kept the computers online and secured. As technology has permeated every aspect of an organization, the defined lines between IT and the rest of the organization began to fade. Now, every organization relies inextricably on various platforms and technologies, and the security organization is responsible for keeping it all secure. This is the changing face of digital risk management.

What this means for CISOs today is their role has changed. No longer can they stay behind the scenes. The CISOs of today and tomorrow must have the passion for technology and security they have always had. What differentiates them from the pioneers is their ability to articulate their program and progress comprehensively to non-technical stakeholders, solicit buy-in, and establish relationships across the organization to keep all business units secure and, above all, manage a comprehensive and integrated security program.

Share Your Cyber Expertise

This shift from technical leader to technical and business leader will not suit some. It will require a change in mindset for current CISOs to view themselves as integral members of these initiatives as they take place. However, it is paramount that CISOs take an active role in any digital transformation initiative. The IT leaders who derive their professional ancestry from those who got board buy-in to buy million-dollar computers the size of storage closets, the managers who have been using agile management since before Silicon Valley scaled it outside of IT, have the highest command of this knowledge. It is selfish to keep this wealth of knowledge trapped within your team - share it; there are those looking for it.

Sharing cyber expertise is becoming a critical component of cyber and business success. Establishing communication between cyber and business is now being codified into regulations like the SEC Cybersecurity Rule and the NIST CSF 2.0. CISOs must prepare to report cybersecurity to the Board with the most critical information translated into financial business terms. Contact us to learn how CyberStrong supports the CISO role and prepares security professionals for cybersecurity board reports with the Executive Hub. 