
A role created in reaction, filled by proactive leaders

The role of information security is rooted in information technology, the origin of which was catalyzed by the development and adoption of the modern computer. The reason IT, and eventually IS, was held separate was that it was an enablement function. When IT was created, these teams worked with computers the size of conference rooms that needed constant care and attention. As the technology evolved, these teams became responsible for ensuring that the rest of the business units had the solutions they needed to make the business run. In the late '90s and 2000s, this meant developing hardware architecture and procuring or building various solutions.

Security teams were still only starting to evolve during the rapid development of the IT function. Many CEOs and board members had little understanding of these new technologies invading their organization, let alone the risks associated with them. During this time, technology was an enigma, and only the most dedicated students gained an understanding of how it operated. The result was information leaders selling their CEOs and boards on the idea that “this is the future.” As we have seen, these pioneers were correct. What we see now, though, is that the information professionals, and more specifically the information security professionals, who have primarily operated on the periphery are taking center stage. They were the individuals that the CEO called upon only in a crisis - a breach, a hack - and a symbol to customers and stakeholders that the organization was taking information security seriously. The creation of the CISO role was based in reactionary thinking, yet the personalities that were attracted to this position were not, and are not, reactionary. They were the proactive leaders who saw that the future is digital and helped their colleagues and superiors see it too.

Today, the digitization train has left the station - it does not take a master salesperson to convince the board and CEO that organizations need to digitize, and fast. While leaders may spout terms like cloud-based technology, design thinking, and agile project management, it is not the traditional business leaders who have been rooted in these technologies and processes for decades. It is the CIOs and the CISOs. The information business leaders have been ingrained in the technology that their colleagues are looking to adopt. As Gartner says - “CIOs may not realize it yet, but enterprise leaders may already expect CIOs to step up and are getting impatient.”

Digital transformation as a strategic inflection point

Digitization in any form, especially for an organization going through a complete digital transformation, represents an inflection point. IT leaders are in a unique position, as they are the result of compounding time investment in the technologies that CEOs are looking to implement. We are at a turning point for the role of the CISO.

We are on the precipice of realizing the full potential of the CISO position. Since the CISO position was created, these leaders have been the secret keepers - the person behind the curtain, keeping the company secure while everybody else did their job. The marketing team bought billboards, the sales team made cold calls, the operations team kept it all running, and the IT team kept the computers online and secured. As technology has permeated every aspect of an organization, though, the defined lines between IT and the rest of the organization began to fade. Now, every organization relies inextricably on various platforms and technologies, and the security organization is responsible for keeping it all secure - in all, this is the changing face of digital risk management.

What this means for CISOs today is that their role has changed. No longer can they stay behind the scenes. The CISO of today and tomorrow must have the passion for technology and security that they have always had. What differentiates them from the pioneers is their ability to articulate their program and progress in a comprehensive way to non-technical stakeholders, solicit buy-in and establish relationships across the organization to keep all business units secure, and above all manage a comprehensive and integrated security program.

Share your knowledge

This shift from technical leader to technical and business leader will not suit everyone. It will require a change in mindset for current CISOs to view themselves as integral members of these initiatives as they take place. It is paramount, though, that CISOs take an active role in any digital transformation initiative. It is the IT leaders who derive their professional ancestry from those who got board buy-in to buy million-dollar computers the size of storage closets, the managers who were using agile management before Silicon Valley scaled it outside of IT, who have the highest command of this knowledge. It is selfish to keep this wealth of knowledge trapped within your team - share it; there are those looking for it.

 
