While still relatively new to the C-suite, the role of the chief information security officer (CISO) has become more prevalent as major breaches force companies to take a hard look at their security posture and whether or not they are appropriating the proper (human) resources to avoid a breach. More than half of businesses have a CISO in charge of their security, and even the White House--although perhaps a little late--is gearing up to hire its first federal CISO.
As the CISO takes a permanent seat at the executive table, questions about what qualifies an individual for the position arise. Digital Guardian, a data protection company, researched the typical traits of today's CISO and produced an infographic revealing just what a typical Fortune 100 CISO looks like.
It probably comes as no surprise that Digital Guardian found that most CISOs, 89%, are male, a number that largely reflects the gender breakdown of the information security market. “There is a growth in the demographic as security expands, but with all C-level positions, it takes time to get that change all the way up,” says Salo Fajer, CTO for Digital Guardian.
One stat that Fajer found very interesting was the number of CISOs with an education in business who are entering the security world. According to the infographic, 40% of CISOs have business degrees, with information technology/information security and computer science following behind, with 27% and 23%, respectively. “It’s not necessarily surprising considering the need to keep the business model in mind as you calculate the risk with the security posture in mind,” Fajer says.
Nearly 20% of CISOs have a background in military or government work, the second most common background after IT/IT Security (59%). To Fajer, this makes sense. CISOs are having to approach security with an investigative eye and focus on more than just layer defense, he says, and when CISOs have a background in military or government, it helps bolster the investigative skills of incident response teams.
Most CISOs haven’t logged many miles in their positions, however: 80% of CISOs have held their current position for less than five years. Fajer says there's a growing awareness of security as a high-level concern within the organization rather than just a subset of IT operations.
Fajer says a few qualities that the infographic doesn’t highlight but that are essential to success as a CISO are the ability to balance the needs of the business and the security posture, as well as knowledge of regulatory and investigative procedures.
Having the business acumen to understand the impact of a breach is the most important skill a CISO can have, he says. A myopic view that only includes the needs of your department just won’t cut it.