Do CISOs really aspire to be CIOs?

Do CISOs really aspire to be CIOs?
Posting date:09 Apr 2019

The role of the CISO has elevated in recent years with an influx of high-profile data breaches and an increased consciousness for the protection of data, but, while the CISO has become a household name – do we have a succession plan in place for them?

I have spent the last few months working on a white paper which explores the evolution of the CISO. We look at the ways in which HR and Cyber Security teams can work together to counteract the human element of data breaches, we speak to the ‘new generation’ of CISOs and ask them what they think the future holds and we interview four established security professionals who came into the role from completely different career paths. 

When speaking to these exceptional professionals, they seem to offer similar perspectives on topics such as educating the workforce but their views on who they wish to report to and what role they would like to progress into seem to differ entirely.

One CISO I spoke to recently told me that after 25 years in the security space, he is looking to evolve into a CIO role. He believes this to be a natural progression as he himself has spent many years reporting into various CIOs. Another CISO I spoke to couldn’t disagree more as why would she want to report into a person who knows little about Cyber Security? The primary objective of a CIO is to be available, the focus of a CISO couldn’t contrast any more.

Other CISOs believe they should sit on the board and report directly to the founders or CEOs of a business while others think reporting into a Finance or IT function is acceptable. 

I’d be keen to hear your views on the matter. Who should a CISO report into and what does the future hold for our current CISOs? Also, if you are interested in receiving a copy of our white paper once published please do get in touch.