A CISO Is...
CISO stands for Chief Information Security Officer, but what does that actually mean? What does this person do, and what does it take to be a good one?
As with almost everything, if you ask 5 people to define something you will end up with 8 different opinions. What follows is what we believe the role of a CISO requires and the core duties a CISO performs.
Behavioral Capabilities
- A proactive and self-motivated leader
- A creator and driver of the information security vision and strategy
- A relationship builder
- A coach and mentor
- An excellent communicator at all levels and to all skill sets, from executive to engineer to operations
- Passionate, with a hunger for research
- Flexible, open-minded, creative, and energetic
- Credible and trustworthy
- An excellent negotiator
- Confident and able to accept criticism
Functional Capabilities
- Directs and approves the design of security systems
- Reviews and approves security policies, controls, and cyber incident response plans
- Approves user identity and access policies and their management
- Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
- Maintains a current understanding of the IT threat landscape for the industry
- Ensures compliance with changing laws and applicable regulations
- Translates threat and regulatory knowledge into identified risks and actionable plans to protect the business
- Schedules periodic security audits
- Communicates cybersecurity policies and procedures to all personnel and ensures adherence
- Manages all teams, employees, contractors, and vendors involved in IT security, which may include hiring
- Continuously updates the cybersecurity strategy to take advantage of new technology and threat information
- Briefs the executive team on status and risks, acting as champion for the overall strategy and the budget it needs
- Communicates best practices and risks to all parts of the business, including those outside IT