Wednesday, May 6, 2015

Where Is The CISO Role Going By 2018?

From my RSA 2015 panel, "When Will InfoSec Grow Up?"

What do you think? Will the CISO evolve into CIRO? Does the CISO belong under the CIO, or maybe just operational security? 

I personally think 2018 is an aggressive timeframe, since many organizations still don't have a formal CISO defined and 20% of CIOs claim they don't think they need a CISO. It seems to me we need to inform the board (externally) about what a forward-leaning organization should expect in a CISO and drive change from the top down, rather than bottom up.

What do people think a CISO does?