To what extent should a CIO also be a CISO?

Pink Terminal
IT, Software
If you’re a CIO you need to be focused on technology. Those could be CTOs or lots of different titles but I think it’s important to have a security-first mindset. If you’re relying on your CISO to be able to solve problems, it’s already too late. The business decisions were already made. The products and the tooling were already selected. Now the security teams are going to come on after and give you a risk analysis and tell you what the problem was. We’re going to keep having data breaches if we don’t start changing our behaviors and changing the way we respond and solve problems. The whole idea of a CISO is almost a ‘cover-your-ass’ position as opposed to a real strategic position that’s there to help enable the business to solve problems. They have to be positioned along with the CIO as a business leader that’s helping minimize risk and solving problems as early as possible in the software development lifecycle.
Black Server
IT, Software
If the CIO has a specialization in security or has a good understanding of the security world, he can also be CISO. If you are a CISO, you need to be sure to keep yourself updated with the latest happenings on the security side. Otherwise this role can be left to a specialist.