The most transformational job in the corporate world right now isn’t glamorous, certainly isn’t easy, and at times is even a little thankless. It’s a job where little can go right and a lot can go catastrophically wrong. If that isn’t enough, it’s probably the hottest seat in corporate America today.
The job I am talking about is that of the chief information security officer (CISO). And, if I were rising through the ranks of an enterprise IT department, CISO is the job I would seek out to make my mark.
Everyone knows that enterprises are facing daunting cybersecurity challenges. The mammoth data breaches that have plagued Target, Home Depot, and most publicly, Sony, have made the security failings of large public companies a regular feature in every mainstream news outlet, creating speculation about how enterprises and governments alike are fighting cybercrime, or failing to do so. Cybersecurity has never been a more visible issue, and CISOs will ultimately be the ones to ensure corporate America meets this challenge.
Security and risk management must become part of every business decision, and nobody within the enterprise is better positioned to advocate for those issues than the CISO. That’s why the job’s so critical to businesses right now, and why it also has far-reaching implications for today’s corporate boardroom. The security executives who successfully take on that role are changing how boardrooms weigh risk and ultimately make decisions.
Once an obscure position for cybersecurity specialists, the CISO’s addition to the boardroom has come as a response to the constant rhythm of data breach headlines in recent years. But research we conducted with Opinion Matters shows that CISOs are still held at an arm’s length and do not have the decision-making or purchasing power they need to make a difference.
More importantly perhaps, they often lack the respect of their peers in the C-suite or are viewed as convenient scapegoats in the event of a data breach. Simply put, the C-suite remains unsure of this relative newcomer, and turf wars and corporate politics are only putting organizations and consumer data at greater risk.
As an executive at a cybersecurity company, I speak to CISOs on a daily basis. I continue to be amazed at the internal obstacles many of them face. But truly successful CISOs have figured out how to make it work. It’s a valuable lesson for any aspiring CISO, not to mention other members of the C-suite who know that now’s the time to rethink corporate strategy in terms of placing sound cybersecurity and risk management front and center. In my discussions with effective CISOs, there’s a commonality with how they approached their job: