This website uses cookies to ensure you get the best experience. More info

What is a CISO? A Sheriff of the Cyber Wild West

What is a CISO

If you’ve kept an eye on the world of technology, particularly on the kinds of jobs available there, you may have across titles like CSO and CISO. Since technology jobs are growing left and right, offering above-average earning potential and exciting job perks, senior-level positions are getting some attention.

In the case of CSOs and CISOs, the name of the game is data protection. Breaches in a company’s security were never something to take lightly. But today, the number of people who could download malware to steal, ransom or expose an organization’s secure information is astronomically high. The World Wide Web has become more of a virtual Wild West, and these professionals are tasked with protecting their companies’ precious data from the internet outlaws.

But what does a CSO or a CISO actually do? How do these good guys keep the virtual bandits from breaching sensitive company information? Read on to hear an expert explain who these C-suite tech pros are and why we need them now more than ever.


Chief security officer (CSO) and chief information security officer (CISO) not only look alike as job titles, but are very often interchangeable, according to Nick Espinosa, CIO of BSSi2.

“These days I see CISO as the primary position advertised, but it can be called CSO, too,” Espinosa says. “Protecting data now means a close harmony between physical security measures (like security cameras) and cyber security.” He adds that some companies might have a CSO overseeing an executive information security manager as well.

He explains that before the age of hacking, an information security (infosec) manager may have budgeted system updates and managed personnel. But things have changed. “Now security is so paramount, larger companies see the need for a dedicated high-end manager,” Espinosa says. “Even one who sits on the board.”

A CISO is especially high priority for companies with a large amount of intellectual property to protect. Sony, Espinosa offers as an example, might not have had a CISO before the infamous and devastating hack of 2014, but you can bet they have one now.

Why have a CISO position?

Security has always been important for any company. But the past decade has brought about a two-fold change in how security works. On the first side, companies rely on computers, VPN networks and information systems constantly, using them not only to function, but to store valuable information. On the other side, cyber warfare has spread and increased in sophistication.

“For a long time, your average small business probably wasn’t much of a target for hackers or criminals,” Espinosa points out. “But now your information could be robbed or ransomed from anyone, anywhere with a few free tools from the dark web.” A small, local venture in Iowa could lose everything to a teenager sitting at a cafe in Finland, in a matter of minutes.

The rise in cyber war and hacking documentation hasn’t hurt either, Espinosa says. When business leaders see massive, catastrophic hacks going down every week, they re-prioritize security. The old security mindset of ‘if it ain’t broke, don’t fix it’ costs big in the cyber Wild West.

“Those are the clients we get post-breach,” Espinosa says. “We have companies as small as ten people sitting behind a $10,000 firewall because they got hit with ransomware and never want to experience that again.”

But the more proactive companies already understand they are out of their depth if they aren’t constantly changing their defense. “I talk to decision-makers and executives of these companies. They see the cyber arms bizarre anyone can access, and they understand the threat,” he adds.

What does a CISO do?

Though it becomes clearer every day that companies should expect attacks and prepare against them, many might be tempted to rely on an existing infosec team to make it happen. But if security is truly a priority, there needs to be an expert in the room when budgeting decisions and even company vision decisions are made.

“As soon as you fall behind, you’re exposed,” Espinosa says. You might think the money you spent last year on a fancy new system is good enough to last for a while, but InfoSec experts know better. “If you give me one version old of a Cisco firewall, I can teach a 3rd grade class to break it,” he says.

The CISO position works to protect the overall vision of a company. The last thing you want as an innovative leader is a public breach that not only costs your company money, but also its reputation.

Another major role of a CISO is to educate. Certain security measures are going to affect all employees. For example, it might take an extra 30 seconds to log on to their computer every day because they have to verify their login. Some may consider this a nuisance, but it’s the CISO’s job to explain how that loss of time compares to the loss of money that could happen from a single breach.

The role is less “in the trenches” than InfoSec specialists tend to be, according to Espinosa. “A CISO is responsible for directing the overall strategy, the systems a company will use and how. The employees then implement it.”

How to advance to a CISO position

If you’re pursuing a degree in technology and love the world of InfoSec, the CISO position is probably the very top rung of your corporate ladder. A CISO needs a unique blend of InfoSec expertise and leadership-related people skills.

“For any C-level role, you have to have strong leadership experience,” Espinosa says. This is true even for the more technologically-minded positions. “You have to marry those InfoSec classes with management and budgeting,” he explains, adding that the opportunities are unique for a highly talented InfoSec expert who has strong people skills and business experience.

Even to rise into general management in infosec, these business skills are necessary. “Take sales courses whenever you can,” Espinosa advises. “It will be part of your job to sell the need for this security.”

Don’t expect to land this prestigious role in your first few years in the industry. You’re going to need a decent amount of experience and a whole lot of knowledge before advancing to this senior-level InfoSec position.

We used real-time job analysis software to examine more than 300 CISO jobs posted over the past year.* The data revealed that 63 percent of employers require candidates to have at least nine years of experience in the field. Even so, it’s always good to know the possibilities you may encounter later on your career path.

One step at a time

When you are at the beginning of your education and career, a position like CISO can feel impossibly out of reach. But the good news is that CISOs are only becoming more common as technology advances, and the InfoSec teams they represent at the leadership level are growing too.

There’s never been a more exciting time in the field of information security. There are criminals, hackers, malware designers, cyber weapon hawkers and outlaws of all kinds out there in the cyber Wild West. We need people who know how to fight that kind of battle and are able to protect and defend property and information.

Want to learn more about some of the positions that could help you gain the valuable experience you’ll need? Check out our article: Information Security Careers: Become the Next Cyber Superhero.


* (analysis of 319 CISO job postings based on experience, Oct. 01, 2015 – Sep. 30, 2016)

Brianna Flavin

Brianna is a content writer for Collegis Education who writes student focused articles on behalf of Rasmussen College. She earned her MFA in poetry and teaches as an adjunct English instructor. She loves to write, teach and talk about the power of effective communication.

female writer

Related Content

This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit for a list of programs offered. External links provided on are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college.

chart-credential-laddering-healthcare-management 0 Credits 90 Credits 180 Credits 48 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE’S DEGREE Start Here MASTER’S DEGREE PURSUERS End Here BACHELOR’S DEGREE End Here MASTER’S DEGREE chart-credential-laddering-rsb 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 90 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 180 Credits End Here BACHELOR'S DEGREE chart-credential-laddering-rsd 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 91 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 181 Credits End Here BACHELOR'S DEGREE chart-credential-laddering-rsjs 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 91 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 180 Credits End Here BACHELOR'S DEGREE chart-credential-laddering-rsn 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 91 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 181 Credits End Here BACHELOR'S DEGREE logo-accreditation-acen logo-accreditation-ccne ras-logo-flame ras-logo-horizontal ras-logo-stacked icon-bank icon-general-connect icon-general-degree icon-general-discuss icon-general-email icon-general-find icon-general-laptop-building icon-general-laptop icon-general-leader icon-general-map icon-general-paperwork icon-general-phone icon-general-speak-out icon-head-heart icon-mglass icon-scales icon-camera icon-filter icon-info-circle icon-mail-forward icon-play-solid icon-quote-mark-left icon-quote-mark-right icon-share-square-o icon-spinner icon-tag icon-simple-chat icon-simple-desktop icon-simple-find icon-simple-hamburger icon-simple-phone icon-testimonial-quotes icon-colored-outline-bank icon-colored-outline-circle-dollar-sign icon-colored-outline-folder-search icon-colored-outline-head-cog icon-colored-outline-head-heart icon-colored-outline-monitor-healthcare icon-colored-outline-monitor-paper-search icon-colored-outline-padlock-shield icon-colored-advance icon-colored-arrows-cross-curve icon-colored-build icon-colored-bulb-analytics icon-colored-certificate icon-colored-continual-developement icon-colored-folder-mortarboard icon-colored-globe-pen icon-colored-growth icon-colored-hand-bubble icon-colored-head-blocks icon-colored-head-cog icon-colored-laptop-cbe-skyscraper icon-colored-laptop-webpage icon-colored-monitor-paper-scan icon-colored-national icon-colored-police-light icon-colored-prep icon-colored-presenter icon-colored-regional icon-colored-skyscraper icon-colored-save-time icon-colored-state icon-colored-student-centered icon-colored-support icon-colored-world-experience icon-social-facebook-square-colored icon-social-facebook-square icon-social-facebook icon-social-google-plus-square icon-social-google-plus icon-social-instagram icon-social-linkedin-square-colored icon-social-linkedin-square icon-social-linkedin icon-social-pinterest-p icon-social-twitter-square icon-social-twitter icon-social-youtube-play-colored icon-social-youtube-play icon-util-checkbox-white icon-util-checkbox icon-util-checked-white icon-util-checked icon-util-chevron-down icon-util-chevron-left icon-util-chevron-right icon-util-chevron-up icon-util-language-switch icon-util-loading icon-util-open-window-button icon-util-open-window-link icon-util-pdf-button icon-util-pdf-link icon-util-refresh icon-util-x