What is a CISO? A Sheriff of the Cyber Wild West

What is a CISO

If you’ve kept an eye on the world of technology, particularly on the kinds of jobs available there, you may have across titles like CSO and CISO. Since technology jobs are growing left and right, offering above-average earning potential and exciting job perks, senior-level positions are getting some attention.

In the case of CSOs and CISOs, the name of the game is data protection. Breaches in a company’s security were never something to take lightly. But today, the number of people who could download malware to steal, ransom or expose an organization’s secure information is astronomically high. The World Wide Web has become more of a virtual Wild West, and these professionals are tasked with protecting their companies’ precious data from the internet outlaws.

But what does a CSO or a CISO actually do? How do these good guys keep the virtual bandits from breaching sensitive company information? Read on to hear an expert explain who these C-suite tech pros are and why we need them now more than ever.

CSO vs. CISO

Chief security officer (CSO) and chief information security officer (CISO) not only look alike as job titles, but are very often interchangeable, according to Nick Espinosa, CIO of BSSi2.

“These days I see CISO as the primary position advertised, but it can be called CSO, too,” Espinosa says. “Protecting data now means a close harmony between physical security measures (like security cameras) and cyber security.” He adds that some companies might have a CSO overseeing an executive information security manager as well.

He explains that before the age of hacking, an information security (infosec) manager may have budgeted system updates and managed personnel. But things have changed. “Now security is so paramount, larger companies see the need for a dedicated high-end manager,” Espinosa says. “Even one who sits on the board.”

A CISO is especially high priority for companies with a large amount of intellectual property to protect. Sony, Espinosa offers as an example, might not have had a CISO before the infamous and devastating hack of 2014, but you can bet they have one now.

Why have a CISO position?

Security has always been important for any company. But the past decade has brought about a two-fold change in how security works. On the first side, companies rely on computers, VPN networks and information systems constantly, using them not only to function, but to store valuable information. On the other side, cyber warfare has spread and increased in sophistication.

“For a long time, your average small business probably wasn’t much of a target for hackers or criminals,” Espinosa points out. “But now your information could be robbed or ransomed from anyone, anywhere with a few free tools from the dark web.” A small, local venture in Iowa could lose everything to a teenager sitting at a cafe in Finland, in a matter of minutes.

The rise in cyber war and hacking documentation hasn’t hurt either, Espinosa says. When business leaders see massive, catastrophic hacks going down every week, they re-prioritize security. The old security mindset of ‘if it ain’t broke, don’t fix it’ costs big in the cyber Wild West.

“Those are the clients we get post-breach,” Espinosa says. “We have companies as small as ten people sitting behind a $10,000 firewall because they got hit with ransomware and never want to experience that again.”

But the more proactive companies already understand they are out of their depth if they aren’t constantly changing their defense. “I talk to decision-makers and executives of these companies. They see the cyber arms bizarre anyone can access, and they understand the threat,” he adds.

What does a CISO do?

Though it becomes clearer every day that companies should expect attacks and prepare against them, many might be tempted to rely on an existing infosec team to make it happen. But if security is truly a priority, there needs to be an expert in the room when budgeting decisions and even company vision decisions are made.

“As soon as you fall behind, you’re exposed,” Espinosa says. You might think the money you spent last year on a fancy new system is good enough to last for a while, but InfoSec experts know better. “If you give me one version old of a Cisco firewall, I can teach a 3rd grade class to break it,” he says.

The CISO position works to protect the overall vision of a company. The last thing you want as an innovative leader is a public breach that not only costs your company money, but also its reputation.

Another major role of a CISO is to educate. Certain security measures are going to affect all employees. For example, it might take an extra 30 seconds to log on to their computer every day because they have to verify their login. Some may consider this a nuisance, but it’s the CISO’s job to explain how that loss of time compares to the loss of money that could happen from a single breach.

The role is less “in the trenches” than InfoSec specialists tend to be, according to Espinosa. “A CISO is responsible for directing the overall strategy, the systems a company will use and how. The employees then implement it.”

How to advance to a CISO position

If you’re pursuing a degree in technology and love the world of InfoSec, the CISO position is probably the very top rung of your corporate ladder. A CISO needs a unique blend of InfoSec expertise and leadership-related people skills.

“For any C-level role, you have to have strong leadership experience,” Espinosa says. This is true even for the more technologically-minded positions. “You have to marry those InfoSec classes with management and budgeting,” he explains, adding that the opportunities are unique for a highly talented InfoSec expert who has strong people skills and business experience.

Even to rise into general management in infosec, these business skills are necessary. “Take sales courses whenever you can,” Espinosa advises. “It will be part of your job to sell the need for this security.”

Don’t expect to land this prestigious role in your first few years in the industry. You’re going to need a decent amount of experience and a whole lot of knowledge before advancing to this senior-level InfoSec position.

We used real-time job analysis software to examine more than 300 CISO jobs posted over the past year.* The data revealed that 63 percent of employers require candidates to have at least nine years of experience in the field. Even so, it’s always good to know the possibilities you may encounter later on your career path.

One step at a time

When you are at the beginning of your education and career, a position like CISO can feel impossibly out of reach. But the good news is that CISOs are only becoming more common as technology advances, and the InfoSec teams they represent at the leadership level are growing too.

There’s never been a more exciting time in the field of information security. There are criminals, hackers, malware designers, cyber weapon hawkers and outlaws of all kinds out there in the cyber Wild West. We need people who know how to fight that kind of battle and are able to protect and defend property and information.

Want to learn more about some of the positions that could help you gain the valuable experience you’ll need? Check out our article: Information Security Careers: Become the Next Cyber Superhero.


*Burning-Glass.com (analysis of 319 CISO job postings based on experience, Oct. 01, 2015 – Sep. 30, 2016)


RELATED ARTICLES:

Brianna Flavin

Brianna is a content writer for Collegis Education who writes student focused articles on behalf of Rasmussen College. She earned her MFA in poetry and teaches as an adjunct English instructor. She loves to write, teach and talk about the power of effective communication.

female writer

Related Content

This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college and Public Benefit Corporation.

Add your comment

*

Please enter your name.

*

Please enter your email.

*

Please enter your comment.

Take the Next Step—Talk to Us!

Request More Information

Talk with a program manager today.

Fill out the form to receive information about:
  • Program Details and Applying for Classes 
  • Financial Aid and FAFSA
  • Customized Support Services
  • Detailed Program Plan

Step 1 of 3

What's Your Name?

Please enter your first name.

Please enter your last name.

Step 2 of 3

Contact Information

Please enter your email address.

Please enter your phone number.

Please enter your five digit zip code.

Step 3 of 3

Program Preferences

Please choose a school of study.

Please choose a program.

Please choose a degree.

By requesting information, I authorize Rasmussen College to contact me by email, phone or text message at the number provided. There is no obligation to enroll.

icon-colored-advance icon-colored-build icon-colored-certificate icon-colored-growth icon-colored-national icon-colored-prep icon-colored-regional icon-colored-state icon-colored-support logo-accreditation-acen logo-accreditation-ccne ras-logo-flame ras-logo-horizontal ras-logo-stacked icon-filter icon-info-circle icon-mail-forward icon-play-solid icon-share-square-o icon-spinner icon-tag icon-general-connect icon-general-degree icon-general-discuss icon-general-email icon-general-find icon-general-laptop icon-general-leader icon-general-map icon-general-paperwork icon-general-phone icon-general-speak-out icon-simple-chat icon-simple-desktop icon-simple-find icon-simple-hamburger icon-simple-phone icon-testimonial-quotes icon-social-facebook-square-colored icon-social-facebook-square icon-social-facebook icon-social-google-plus-square icon-social-google-plus icon-social-instagram icon-social-linkedin-square-colored icon-social-linkedin-square icon-social-linkedin icon-social-pinterest-p icon-social-twitter-square icon-social-twitter icon-social-youtube-play-colored icon-social-youtube-play icon-util-checkbox-white icon-util-checkbox icon-util-checked-white icon-util-checked icon-util-chevron-down icon-util-chevron-left icon-util-chevron-right icon-util-chevron-up icon-util-open-window-button icon-util-open-window-link icon-util-pdf-button icon-util-pdf-link icon-util-refresh icon-util-x