The Evolving Role of the CISO

June 8, 2013
| |
1 min read

During the last year, we did a lot of thinking about the role of the CISO, including a major survey we posted. As we embark on our next round of research I wanted to share a summary of how we see the Chief Security Officer role evolving. See below:

CISO Role Today CISO+ Role in Future
CISO’s Background
  • CISOs come from varied backgrounds
  • Often inherited the role
  • Moved up through the IT or business ranks
  • Some are hired from outside to create public perception
  • Proven track record to lead during a crisis
  • Knows how to take risks
  • Ability to manage & communicate clearly and concisely to upper management / Board
  • Heavy on business skills  / Lighter on technical skills
Reporting Line
  • CISOs typically reports to CIO; typically a layer in between CISO and CIO
  • Some CISOs report to COO
  • CISO+ reports directly to CIO
  • Have  responsibility for; Strategy, Policy, Ops, Compliance, Crisis Management
Level of Authority
  • Not always viewed as a key decision maker
  • Seldom an actual executive role
  • Often tactical and reactive
  • Transformational leader
  • Sr. level executive
  • Combined role of IT Risk Officer & CISO
  • Responsible for Initiatives & Ops
  • Strategic & pro-active
Areas of spend / Budget responsibility
  • Majority of budget directed at maintenance projects to keep current initiatives running
  • Other spending on pro-active initiatives and reactive projects
  • Majority of budget spending will be on transformational initiatives
  • Budgets should be a percent of the Enterprise budget since all functional groups have security requirements

What do you think?  Do you agree with the role today and how it will evolve to a strategic role in the future?

As I mentioned, the IBM Client Insights team will be completing our second CISO survey soon. We’ll incorporate your comments in to that work!

Marc van Zadelhoff
General Manager, IBM Security

Marc van Zadelhoff is the General Manager for IBM Security, the fastest-growing enterprise security company in the world. Before taking over as head of th...
read more