What is a CISO? A Sheriff of the Cyber Wild West

What is a CISO

If you’ve kept an eye on the world of technology, particularly on the kinds of jobs available there, you may have across titles like CSO and CISO. Since technology jobs are growing left and right, offering above-average earning potential and exciting job perks, senior-level positions are getting some attention.

In the case of CSOs and CISOs, the name of the game is data protection. Breaches in a company’s security were never something to take lightly. But today, the number of people who could download malware to steal, ransom or expose an organization’s secure information is astronomically high. The World Wide Web has become more of a virtual Wild West, and these professionals are tasked with protecting their companies’ precious data from the internet outlaws.

But what does a CSO or a CISO actually do? How do these good guys keep the virtual bandits from breaching sensitive company information? Read on to hear an expert explain who these C-suite tech pros are and why we need them now more than ever.

CSO vs. CISO

Chief security officer (CSO) and chief information security officer (CISO) not only look alike as job titles, but are very often interchangeable, according to Nick Espinosa, CIO of BSSi2.

“These days I see CISO as the primary position advertised, but it can be called CSO, too,” Espinosa says. “Protecting data now means a close harmony between physical security measures (like security cameras) and cyber security.” He adds that some companies might have a CSO overseeing an executive information security manager as well.

He explains that before the age of hacking, an information security (infosec) manager may have budgeted system updates and managed personnel. But things have changed. “Now security is so paramount, larger companies see the need for a dedicated high-end manager,” Espinosa says. “Even one who sits on the board.”

A CISO is especially high priority for companies with a large amount of intellectual property to protect. Sony, Espinosa offers as an example, might not have had a CISO before the infamous and devastating hack of 2014, but you can bet they have one now.

Why have a CISO position?

Security has always been important for any company. But the past decade has brought about a two-fold change in how security works. On the first side, companies rely on computers, VPN networks and information systems constantly, using them not only to function, but to store valuable information. On the other side, cyber warfare has spread and increased in sophistication.

“For a long time, your average small business probably wasn’t much of a target for hackers or criminals,” Espinosa points out. “But now your information could be robbed or ransomed from anyone, anywhere with a few free tools from the dark web.” A small, local venture in Iowa could lose everything to a teenager sitting at a cafe in Finland, in a matter of minutes.

The rise in cyber war and hacking documentation hasn’t hurt either, Espinosa says. When business leaders see massive, catastrophic hacks going down every week, they re-prioritize security. The old security mindset of ‘if it ain’t broke, don’t fix it’ costs big in the cyber Wild West.

“Those are the clients we get post-breach,” Espinosa says. “We have companies as small as ten people sitting behind a $10,000 firewall because they got hit with ransomware and never want to experience that again.”

But the more proactive companies already understand they are out of their depth if they aren’t constantly changing their defense. “I talk to decision-makers and executives of these companies. They see the cyber arms bizarre anyone can access, and they understand the threat,” he adds.

What does a CISO do?

Though it becomes clearer every day that companies should expect attacks and prepare against them, many might be tempted to rely on an existing infosec team to make it happen. But if security is truly a priority, there needs to be an expert in the room when budgeting decisions and even company vision decisions are made.

“As soon as you fall behind, you’re exposed,” Espinosa says. You might think the money you spent last year on a fancy new system is good enough to last for a while, but InfoSec experts know better. “If you give me one version old of a Cisco firewall, I can teach a 3rd grade class to break it,” he says.

The CISO position works to protect the overall vision of a company. The last thing you want as an innovative leader is a public breach that not only costs your company money, but also its reputation.

Another major role of a CISO is to educate. Certain security measures are going to affect all employees. For example, it might take an extra 30 seconds to log on to their computer every day because they have to verify their login. Some may consider this a nuisance, but it’s the CISO’s job to explain how that loss of time compares to the loss of money that could happen from a single breach.

The role is less “in the trenches” than InfoSec specialists tend to be, according to Espinosa. “A CISO is responsible for directing the overall strategy, the systems a company will use and how. The employees then implement it.”

How to advance to a CISO position

If you’re pursuing a degree in technology and love the world of InfoSec, the CISO position is probably the very top rung of your corporate ladder. A CISO needs a unique blend of InfoSec expertise and leadership-related people skills.

“For any C-level role, you have to have strong leadership experience,” Espinosa says. This is true even for the more technologically-minded positions. “You have to marry those InfoSec classes with management and budgeting,” he explains, adding that the opportunities are unique for a highly talented InfoSec expert who has strong people skills and business experience.

Even to rise into general management in infosec, these business skills are necessary. “Take sales courses whenever you can,” Espinosa advises. “It will be part of your job to sell the need for this security.”

Don’t expect to land this prestigious role in your first few years in the industry. You’re going to need a decent amount of experience and a whole lot of knowledge before advancing to this senior-level InfoSec position.

We used real-time job analysis software to examine more than 300 CISO jobs posted over the past year.* The data revealed that 63 percent of employers require candidates to have at least nine years of experience in the field. Even so, it’s always good to know the possibilities you may encounter later on your career path.

One step at a time

When you are at the beginning of your education and career, a position like CISO can feel impossibly out of reach. But the good news is that CISOs are only becoming more common as technology advances, and the InfoSec teams they represent at the leadership level are growing too.

There’s never been a more exciting time in the field of information security. There are criminals, hackers, malware designers, cyber weapon hawkers and outlaws of all kinds out there in the cyber Wild West. We need people who know how to fight that kind of battle and are able to protect and defend property and information.

Want to learn more about some of the positions that could help you gain the valuable experience you’ll need? Check out our article: Information Security Careers: Become the Next Cyber Superhero.


*Burning-Glass.com (analysis of 319 CISO job postings based on experience, Oct. 01, 2015 – Sep. 30, 2016)


RELATED ARTICLES:

This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college and Public Benefit Corporation.

Brianna is a freelance writer for Collegis Education who writes student focused articles on behalf of Rasmussen College. She earned her MFA in poetry in 2014 and looks for any opportunity to write, teach or talk about the power of effective communication.

Receive Personalized Information Today

  • Personalized financial aid
  • Customized support services
  • Detailed program plan
  • Attend a no-obiligation Nursing Information Session
  • Meet the Dean of Nursing
  • Enrollment application
  • Personalized financial aid
  • Career path guidance

How may we contact you?

Please complete all fields

What would you like to study?

The program you have selected is not available in your area. Please select another program of interest.

By requesting information, I authorize Rasmussen College to contact me by email, phone or text message at the number provided.

close
Share Your Story Ideas
Our campuses and online community have stories to tell and we want to hear them! Did your campus raise the most money in the community for an organization? Do you have online study tips for other students? Would you like to share a personal success story about overcoming an obstacle while earning your degree?
To have your story idea considered:
  • You must be a faculty member, current student or graduate
  • Story ideas must be regarding Rasmussen College or an inspiring story about a student at Rasmussen College
  • Your submission must be original and may not have been published elsewhere online already
Please Note: Your story idea may be featured on the Rasmussen College News Beat or on one of our social networks. A member of our news team will contact you should we move forward with a blog post.
Feel free to suggest an idea for a blog post to be featured on the Rasmussen College News Beat by filling out the form below:

First Name: (required)

Last Name: (required)

Email Address: (required)

Phone Number: (required)

500 characters or less

close

Your Story Idea Has Been Submitted

Thank you for sending us a story idea! We’re reviewing submissions and may contact you soon to learn more about your story. In the meantime, make sure to check out our current blogs to see what’s happening on campus.

close