What is a CISO? A Sheriff of the Cyber Wild West

If you’ve kept an eye on the world of technology, particularly on the kinds of jobs available there, you may have across titles like CSO and CISO. Since technology jobs are growing left and right, offering above-average earning potential and exciting job perks, senior-level positions are getting some attention.

In the case of CSOs and CISOs, the name of the game is data protection. Breaches in a company’s security were never something to take lightly. But today, the number of people who could download malware to steal, ransom or expose an organization’s secure information is astronomically high. The World Wide Web has become more of a virtual Wild West, and these professionals are tasked with protecting their companies’ precious data from the internet outlaws.

But what does a CSO or a CISO actually do? How do these good guys keep the virtual bandits from breaching sensitive company information? Read on to hear an expert explain who these C-suite tech pros are and why we need them now more than ever.

CSO vs. CISO

Chief security officer (CSO) and chief information security officer (CISO) not only look alike as job titles, but are very often interchangeable, according to Nick Espinosa, CIO of BSSi2.

“These days I see CISO as the primary position advertised, but it can be called CSO, too,” Espinosa says. “Protecting data now means a close harmony between physical security measures (like security cameras) and cyber security.” He adds that some companies might have a CSO overseeing an executive information security manager as well.

He explains that before the age of hacking, an information security (infosec) manager may have budgeted system updates and managed personnel. But things have changed. “Now security is so paramount, larger companies see the need for a dedicated high-end manager,” Espinosa says. “Even one who sits on the board.”

A CISO is especially high priority for companies with a large amount of intellectual property to protect. Sony, Espinosa offers as an example, might not have had a CISO before the infamous and devastating hack of 2014, but you can bet they have one now.

Why have a CISO position?

Security has always been important for any company. But the past decade has brought about a two-fold change in how security works. On the first side, companies rely on computers, VPN networks and information systems constantly, using them not only to function, but to store valuable information. On the other side, cyber warfare has spread and increased in sophistication.

“For a long time, your average small business probably wasn’t much of a target for hackers or criminals,” Espinosa points out. “But now your information could be robbed or ransomed from anyone, anywhere with a few free tools from the dark web.” A small, local venture in Iowa could lose everything to a teenager sitting at a cafe in Finland, in a matter of minutes.

The rise in cyber war and hacking documentation hasn’t hurt either, Espinosa says. When business leaders see massive, catastrophic hacks going down every week, they re-prioritize security. The old security mindset of ‘if it ain’t broke, don’t fix it’ costs big in the cyber Wild West.

“Those are the clients we get post-breach,” Espinosa says. “We have companies as small as ten people sitting behind a $10,000 firewall because they got hit with ransomware and never want to experience that again.”

But the more proactive companies already understand they are out of their depth if they aren’t constantly changing their defense. “I talk to decision-makers and executives of these companies. They see the cyber arms bizarre anyone can access, and they understand the threat,” he adds.

What does a CISO do?

Though it becomes clearer every day that companies should expect attacks and prepare against them, many might be tempted to rely on an existing infosec team to make it happen. But if security is truly a priority, there needs to be an expert in the room when budgeting decisions and even company vision decisions are made.

“As soon as you fall behind, you’re exposed,” Espinosa says. You might think the money you spent last year on a fancy new system is good enough to last for a while, but InfoSec experts know better. “If you give me one version old of a Cisco firewall, I can teach a 3rd grade class to break it,” he says.

The CISO position works to protect the overall vision of a company. The last thing you want as an innovative leader is a public breach that not only costs your company money, but also its reputation.

Another major role of a CISO is to educate. Certain security measures are going to affect all employees. For example, it might take an extra 30 seconds to log on to their computer every day because they have to verify their login. Some may consider this a nuisance, but it’s the CISO’s job to explain how that loss of time compares to the loss of money that could happen from a single breach.

The role is less “in the trenches” than InfoSec specialists tend to be, according to Espinosa. “A CISO is responsible for directing the overall strategy, the systems a company will use and how. The employees then implement it.”

How to advance to a CISO position

If you’re pursuing a degree in technology and love the world of InfoSec, the CISO position is probably the very top rung of your corporate ladder. A CISO needs a unique blend of InfoSec expertise and leadership-related people skills.

“For any C-level role, you have to have strong leadership experience,” Espinosa says. This is true even for the more technologically-minded positions. “You have to marry those InfoSec classes with management and budgeting,” he explains, adding that the opportunities are unique for a highly talented InfoSec expert who has strong people skills and business experience.

Even to rise into general management in infosec, these business skills are necessary. “Take sales courses whenever you can,” Espinosa advises. “It will be part of your job to sell the need for this security.”

Don’t expect to land this prestigious role in your first few years in the industry. You’re going to need a decent amount of experience and a whole lot of knowledge before advancing to this senior-level InfoSec position.

We used real-time job analysis software to examine more than 300 CISO jobs posted over the past year.* The data revealed that 63 percent of employers require candidates to have at least nine years of experience in the field. Even so, it’s always good to know the possibilities you may encounter later on your career path.

One step at a time

When you are at the beginning of your education and career, a position like CISO can feel impossibly out of reach. But the good news is that CISOs are only becoming more common as technology advances, and the InfoSec teams they represent at the leadership level are growing too.

There’s never been a more exciting time in the field of information security. There are criminals, hackers, malware designers, cyber weapon hawkers and outlaws of all kinds out there in the cyber Wild West. We need people who know how to fight that kind of battle and are able to protect and defend property and information.

Want to learn more about some of the positions that could help you gain the valuable experience you’ll need? Check out our article: Information Security Careers: Become the Next Cyber Superhero.

RELATED ARTICLES:

*Burning-Glass.com (analysis of 319 CISO job postings based on experience, Oct. 01, 2015 – Sep. 30, 2016)

About the author

Brianna Flavin

Brianna is a senior content manager who writes student-focused articles for Rasmussen University. She holds an MFA in poetry and worked as an English Professor before diving into the world of online content. 

Related Content

Related Content

This piece of ad content was created by Rasmussen University to support its educational programs. Rasmussen University may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen University does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen University is accredited by the Higher Learning Commission, an institutional accreditation agency recognized by the U.S. Department of Education.

logo-accreditation-acen logo-accreditation-ccne chart-credential-laddering-associates-bachelors-masters 0 Credits 90 Credits 180 Credits 48 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE Start Here MASTER'S DEGREE PURSUERS End Here BACHELOR'S DEGREE End Here MASTER'S DEGREE chart-credential-laddering-associates-bachelors 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 90 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 180 Credits End Here BACHELOR'S DEGREE chart-credential-laddering-msn chart-credential-laddering-nursing-programs chart-credential-laddering-post-grad-np chart-credential-laddering-nursing DNP MSN RN to BSN LPN to RN Bridge Accelerated BSN Professional Nursing ADN Practical Nursing Diploma Pre-Licensure Post-Licensure icon-colored-outline-bank icon-colored-outline-certificate icon-colored-outline-circle-dollar-sign icon-colored-outline-folder-search icon-colored-outline-hand-heart icon-colored-outline-head-blocks icon-colored-outline-head-cog icon-colored-outline-head-heart icon-colored-outline-health-plus-leaves icon-colored-outline-hospital icon-colored-outline-lifelong-learning icon-colored-outline-light-bulb-analytics icon-colored-outline-location-pin icon-colored-outline-magnifying-glass icon-colored-outline-monitor-healthcare icon-colored-outline-monitor-paper-search icon-colored-outline-nurse-rays icon-colored-outline-padlock-shield icon-colored-outline-person-presenter-screen icon-colored-outline-scales ras-logo-flame ras-logo-horizontal ras-logo-stacked icon-colored-advance icon-colored-arrows-cross-curve icon-colored-briefcase-star icon-colored-build icon-colored-bulb-analytics icon-colored-certificate icon-colored-continual-development icon-colored-duo-chatbox icon-colored-folder-mortarboard icon-colored-forward-ribbon icon-colored-gears-clock icon-colored-globe-pen icon-colored-growth icon-colored-hand-bubble icon-colored-hand-stars icon-colored-hands-gear icon-colored-head-blocks icon-colored-head-cog icon-colored-health-plus-leaves icon-colored-hospital-building icon-colored-laptop-cbe-skyscraper icon-colored-laptop-checkmark icon-colored-laptop-webpage icon-colored-location-map icon-colored-location-pin icon-colored-monitor-paper-scan icon-colored-mortarboard-dollar icon-colored-national icon-colored-people-chat-bubbles icon-colored-person-cheer-star icon-colored-person-laptop-checkboxes icon-colored-person-screen-instructor icon-colored-person-whiteboard icon-colored-phone-chatbox icon-colored-police-light icon-colored-prep icon-colored-presenter icon-colored-regional icon-colored-save-time icon-colored-shirt-hat icon-colored-skyscraper icon-colored-state icon-colored-student-centered icon-colored-support icon-colored-world-experience icon-triangle-arrow-up-plant icon-triangle-calendar-pencil icon-triangle-clock-rotating-arrows icon-triangle-display-gears icon-triangle-hand-right-speech-bubble icon-triangle-laptop-coding-brackets icon-triangle-mortarboard icon-triangle-paper-ribbon icon-triangle-person-cheer-star icon-triangle-person-juggle icon-triangle-triple-people-chat-bubble icon-modality-campus icon-modality-field icon-modality-online icon-modality-residential icon-arrow icon-bank icon-camera icon-filter icon-general-chart icon-general-connect icon-general-degree icon-general-discuss icon-general-email icon-general-find icon-general-hat icon-general-heart icon-general-laptop-building icon-general-laptop icon-general-leader icon-general-map icon-general-money icon-general-paperwork icon-general-people icon-general-phone icon-general-speak-out icon-head-heart icon-info-circle icon-mail-forward icon-mglass icon-play-solid icon-quote-mark-left icon-quote-mark-right icon-scales icon-share-square-o icon-simple-chat icon-simple-desktop icon-simple-find icon-simple-hamburger icon-simple-phone icon-spinner icon-tag icon-testimonial-quotes icon-util-checkbox-white icon-util-checkbox icon-util-checked-white icon-util-checked icon-util-chevron-down icon-util-chevron-left icon-util-chevron-right icon-util-chevron-up icon-util-circle-arrow-down icon-util-circle-dot icon-util-language-switch icon-util-loading icon-util-open-window-link icon-util-pdf-link icon-util-refresh icon-util-x rebrand-arrows icon-social-facebook-colored icon-social-facebook-square-colored icon-social-facebook-square icon-social-facebook icon-social-google-plus-square icon-social-google-plus icon-social-instagram-colored icon-social-instagram icon-social-linkedin-square-colored icon-social-linkedin-square icon-social-linkedin icon-social-pinterest-p-colored icon-social-pinterest-p icon-social-twitter-colored icon-social-twitter-square icon-social-twitter icon-social-youtube-play-colored icon-social-youtube-play graduate-cap-star-coin hand-coin hand-heart nurse-stethoscope-rays card-send-smile person-yoga-pose suitcase-star