The demands and complex threat landscape CISOs operate in placed a higher value on technical studies and backgrounds in 2022.
The material risk of a breach, nation-state attack or ransomware is more palpable across the governance structure of enterprises, said James Larkin, managing partner of performance and growth at Marlin Hawk, a global executive search and leadership advisory firm.
This places a greater demand on enterprise leaders to hire CISOs that are “technical enough to understand the gaps in the architecture that might exist within the digital domain, such that these attacks can occur,” he said.
“There’s generally a sense that we shouldn’t take the risk, so to speak, on this hire,” Larkin said.
This increased focus on technical prowess underscores the evolving responsibilities CISOs are taking on – expanding their remit to include areas such as engineering, business risk, operational resiliency, product design and security and technology architecture.
“Rather than just defending what we have, I think there will be more of a skew towards preparing for what we want to have or what we want to build,” Larkin said. “And making sure that the CISO is in that discussion as well.”
Organizational defense, of course, remains the core role for CISOs.
“You shouldn’t have the CISO title if you’re not actively defending your organization,” Yonesy Núñez, CISO at Jack Henry Associates, said in the report.
Beyond that, very few CISO roles are alike, making it one of the least consistent C-suite roles and one that continues to gain importance.
CISOs have earned greater influence over infrastructure and technology components, Shamoun Siddiqui, CISO at Neiman Marcus Group, told Marlin Hawk for the report.
“Such an integration of cybersecurity and infrastructure resolves the single biggest point of contention that has historically existed between the two silos of information security and infrastructure,” Siddiqui said.