“The CISOs of 2020 will be more business aligned and business relationship orientated. They will be closer to the company’s assets with regard assigning ownership and accountability and will be accountable for contributing meaningful metrics to measure the risk exposure to board level.
“Key Risk Indicators will be a key measurement of success with a move away from the tactical threat-based strategies many deploy today.”
Rose says that current and future CISOs should look to leverage internal training to further their career, and to learn more about the business.
“Internal management training is good. They’re effectively a bit like a mini MBA. You get to run a pretend company, go to educational classes about finance and marketing…that’s the sort of gold dust that CISOs need to know now.
“They need to be a much more rounded business professional. If they aren’t they’ll get replaced. Because if the CISO goes to the board and talks about technology, viruses and TCIP packets, they will be not invited back.”
Wells urges prospective CISOs: “Learn the business and evolve your ability to act as the interpreter/translator between the technology teams and the business functions. Be able to explain technology risks in the terms of a business such as exposure, reputational impact and financial risk.”
Drinkwater is an experienced journalist covering information security and a contributor to CSOonline.
Sign up for MIS Asia eNewsletters.