5 CISO Characteristics The C-Suite May Not Understand.
Today the CISO role is fast-moving, with no set definition of job requirements or career growth. In fact, the average CISO tenure is estimated to be about 2.5 years whereas the tenure for a CIO is almost double that at 4.3 years.
Business leaders take heed, these are the five reasons why your CISOs come to work every day and why they find passion in their roles ….
1. They are curious about technology - Many CISOs are curious about technology, both new and legacy, how it fits together and works. Many of them are interested in how to hack it and make it do unplanned things — or how it could be hacked and used against our business. This curiosity helps us when we are troubleshooting issues within our security environment or triaging a security incident.
2. They like working with both technology and people to solve problems - Many CISOs like to look at projects, risks or security controls and think of innovative ways to achieve security goals. It's like we're putting together a living puzzle that involves technology, people and process — and we enjoy the challenge. We like our role because it's where the action is, we get to collaborate with peers throughout the business and we help get things done securely.
3. They see the job as exciting work - The field of cyber security itself is dynamic, so keeping educated on new threats, technologies, regulations, aand frameworks can be quite challenging for CISOs. However, many CISOs like that our chosen career field and job role is an ever-present test, requiring continuous education to be effective. It's not boring, at times it's scary — but it’s pretty cool.
4. They need a sense of purpose - There sense of purpose tends to motivate CISOs to either be exceptional or to leave organisations. The role of a CISO is very stressful. However many CISOs accept the stress and the challenges of their position because they feel they and their security teams are making a difference to the business. Even if it isn’t visible to everyone.
5. They refuse to be a token position. — Having a bum on a seat in that position is not enough. The executive leadership team must provide adequate resources and give the CISO the ability to manage risk and help the business be successful. CISOs know when they are just there to tick a compliance box or to be a fall guy for the next security breach.