EXECUTIVE SUMMARY:

As the global cyber threat landscape expands, destructive cyber attacks engender alarming levels of damage, and risk management reemerges as a business focal point, the nature of the CISO role has begun to shift.  

The role of the Chief Information Security Officer (CISO) is currently in a state of flux, especially as risks change and as more stringent regulations and compliance mandates come into play. This once niche role is now critical for modern enterprises, and requires the recalibration of expectations around the job’s function.

The shifting CISO role

Executive search and leadership advisory firm Marlin Hawk recently released a research report denoting a shift in underlying CISO qualifications, growth in internal cyber security hiring, and declines in CISO turnover rates.

“Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the CIO, which is to act as the primary gateway from the tech department into the wider business and the outside marketplace,” said managing partner at Marlin Hawk, James Larkin.

As a result, CISOs must be able to adeptly communicate with individuals at every level of the business. They need to be able to communicate with the board and with the marketplace of shareholders and customers. The new emphasis on CISO soft skills will elevate expectations around this role as we move into 2023.

The “CISO+” role

According to some, over the last 8-10 years, the CISO role has really become a “CISO+” role, as many CISOs have taken on engineering-related activities, physical security-related projects, operational resiliency efforts, brand trust development, and/or supply chain resilience building initiatives.

In turn, this has expanded opportunities for CISOs to become business enablers and higher-level transformational technology leaders. From this new height, CISOs are able to command greater respect and to better advocate for resources among executive-level peers, legal teams and other business departments across the organization.

As we move into 2023, CISOs need to recognize that, as newly minted members of the C-suite, they are responsible for and have a stake in innovation, revenue and growth.

From manager to leader

The elevation of the CISO role in the C-suite is generally welcome news for everyone involved in an organization’s cyber security. However, CISOs need to demonstrate that they are prepared to take on new challenges. CISOs now need to serve as innovative leaders, expert storytellers, and transformation architects who deliver business value.

Today, the CISO must function as a strategist, a tactical master, an influencer and a source of inspiration across the entirety of the business value chain.

Acting as a change agent is among the most important and difficult of practices in lean-management transformations. It requires someone with a clear vision, patience, persistence, trustworthiness, the ability to lead by example, and the capacity to ask tough questions.

Enabling greater business agility may mean that CISOs need to lead closely targeted, highly refined efforts to understand risk, detect threats and emphasize overall cyber security preparedness.

Further CISO insights

The CISO is a strategist, advisor, guardian and a technologist, but expanding the role within your organization might feel like a tough transition or a fuzzy journey. If your organization remains uncertain as to the exact responsibilities that your CISO should take on, turn to what’s happening at the heart of the business – that will inform the “next normal” for CISOs.
