The situation the new CISO finds on arrival is often different to what they were expecting, but who’s to blame?
The CISO role has never been more important. The firms that fail at appointing a new CISO are those which rush and push an inexperienced techie into a poorly defined role. Positioning the role accurately in relation to the firm’s objectives around security, thinking of it as a senior leadership role, and taking the time to find the right leader are the keys to long-term success.
The role of the CISO in its historical technology-driven perception is not outdated yet, but it is under threat and losing ground. The firms looking to reverse this trend need to act at three levels.
Surveys suggest that the average tenure in a CISO position is around 2 years. Nothing will change until the profile of the CISO is raised and they start to see their role over the mid to long term.