Tomorrow's Chief Information Security Officer
The future CISO is a forward-thinking IT business leader with deep exposure to the C-Suite and Board. They are security guardians – prescient and proactive in cyber risk management – and highly strategic at adapting, preventing, and responding to cyber risk threats. Further, they convey these threats through metricated data to protect an organisation’s finances, assets, brand and customers.
The future CISO will need to be prepared to take on more responsibility as breaches will only grow in complexity and magnitude. To meet the future, the CISO will need to be a thought leader, always updating their understanding of the avenues available for cyber threats. Today, this is Blockchain, the Internet of Things and Cloud Computing. Tomorrow? The future CISO knows.
Board & C-Suite Upskilling
CISOs are emerging from traditional technologists into highly qualified business leaders. Nowhere is this more evident than the role they increasingly fulfil to the Board of Directors. With many Directors trained and educated prior to the digital era – in some cases, prior to personal computing – CISOs are required to forge linkages between generations. Technical expertise is not enough to bridge this gap. Modern Directors are expected to provide oversight across matters beyond the confines of their executive careers. This includes information security. CISOs must develop key Board relationships, referencing cyber risks against a complex business to an audience confronted by the need to learn about threats that did not exist a decade ago.
Cyber security has struggled to compete for investment. Few people outside technology truly understand the work of the CISO, and many do not understand the dollar-value of risk prevention and protecting against cyber threats. This is changing and the key is to quantify. Yet even here, it is not enough to simply quote the number of cyber threats prevented, and dashboard figures on bottom-line savings. The future CISO will use and analyse this data, certainly, but they will ‘sell’ these metrics to their peers, the C-Suite and Board, to ensure effective impact.
Where the CISO sits functionally within a large corporate is varied. While the majority of CISOs sit in the technology team reporting into the Chief Information Officer, some organisations find different structures appealing for pragmatic reasons. Many organisations with mature IT security functions have the CISO reporting to either the Chief Compliance Officer, the Chief Executive Officer, or in some cases even the Chair of the Board Risk Committee. Regardless of where the CISO sits, one thing is clear: the CISO requires the crucial ability to adapt across fluid functional settings.
Commercially Astute & Aware
As well as technical expertise, tomorrow’s CISO will bring commercial acumen in combating threats to an organisation. By establishing and managing a holistic information security risk process, the future CISO will always look to protect core company assets. They will understand the financial impact of security threats, and prioritise security threats for the best commercial and regulatory compliance outcome.
They will also be vigilant in monitoring the environment for emerging threats and advising stakeholders on the appropriate action. They own the disaster recovery and business continuity plans related to IT, and protect the company’s intellectual property, regulated data, and reputation.
To invigorate the future CISO’s impact on an organisation, they will build a robust technical team, and ensure a strong security posture through relationships with cybersecurity professionals and external agencies around the globe. They will comply with regulations, including those governing private-public partnerships, and have one-call access to the defence community and international intelligence agencies.
While the rise of the data-driven economy has continued to provide next-level growth opportunities, it has also fuelled a rise in regulatory, customer, and shareholder scrutiny on the appropriate and secure management of such data. Data breaches of the past have shown the seriousness of data protection and Boards are continuing to understand the dollar-value of such breaches.