Board Discussion: Shift from Conventional CISO Role

In the common hiring practice, CISOs are primarily selected for their technical competencies. However, attaining significant achievements often necessitates a distinct set of business-oriented abilities.

Aleksandr Yampolskiy, Co-Founder and CEO of SecurityScorecard, is a globally recognized cybersecurity pioneer and leader.

Although I had nailed the technical aspects of my job as a CISO, the CEO's blunt comment, "Alex, I'm not hearing enough complaints about you," left me stunned. It meant the CEO expected more impact and influence than technical prowess in cybersecurity.

The traditional CISO role was on its way out, as evidenced by mounting responsibilities, personal liability, and limited support. Out of 100 CISOs, 75 were considering leaving due to these reasons. The role needed an overhaul, placing business value and impact above technical expertise.

Evolving Roles and Responsibilities

Businesses face charges for concealing breaches, and CISOs may face legal consequences as individuals. Regulators expect CISOs to disclose cyber risks, similar to how CFOs do for financials.

To combat these challenges, companies are shifting cyber responsibilities to CROs or CTOs, roles that do not expose the individual to personal liability. Others are combining cyber and legal risk under one leader by having CISOs report to CEOs or CLOs.

Becoming a successful CISO is about more than just being technically brilliant. Real challenges include:

  1. Defining Reporting Lines: CISOs should report directly to business leaders for maximum impact, as many struggle when placed under IT roles.
  2. Managing Stress: The CISO role is one of the most stressful, with an average tenure of around two years. CISOs should focus on minimizing waste, streamlining teams, and adopting a protective mindset.
  3. Dealing with Vendors: Vendors should build partnerships instead of pushing products, focusing on adapting their offerings to the client's existing infrastructure.
  4. Accessing Strategic Insights: Regular face time with the board is essential to align with business strategy and make informed decisions, as only half of CISOs meet with them quarterly.
  5. Adjusting Expectations: Traditionally, CISOs concentrated on preventing breaches. Today, they must focus on driving business growth, building customer trust, and maximizing revenue opportunities.

To succeed in this new environment, CISOs must make security a business driver, turn it into a competitive edge, do more with less, quantify everything, and protect themselves.

Embrace the challenging yet rewarding new CISO reality as a cybersecurity strategist equipped with business acumen. Whether this means adapting to the new role or transitioning to broader functions like CRO or CTO, the CISO of the future is poised to make a significant impact.

Seen through this transformation, Yampolskiy's message as a cybersecurity pioneer and CEO is that CISOs' duties must be aligned with business objectives while absorbing the evolving challenges and opportunities of the role. Rather than focusing solely on technical matters, CISOs should prioritize defining reporting lines, managing stress, dealing with vendors, accessing strategic insights, and adjusting expectations: the key practices that make them indispensable cybersecurity strategists.
