Challenging role of CISO presents many opportunities for change
This article is part of the Information Security issue of May 2017, Vol. 19, No. 4
Research the Ponemon Institute shared in 2014, its most recent measure, indicated that the average tenure of CISOs is 2.1 years. Why so short? There were two proposed rationales. The "wanderlust theory" held that qualified candidates for the role of CISO were in such high demand, according to Larry Ponemon, chairman and founder of the research group, that they were lured to other companies that paid more for the position. Ponemon said some CISOs likely made two or even three jumps to higher-paying positions if they were really qualified. The other theory behind the two-year tenure: When security problems occurred, the affected companies needed someone to blame, which resulted in the CISO's departure. The research data was compiled over several years and based on numerous surveys from mainly U.S. sources. There's not always a CISO on hand to play the scapegoat, though. Ponemon found that in organizations of more than 1,000 employees, 40% had a fully dedicated CISO, 16% had a partially dedicated CISO and 44% had none. The ...
Features in this issue
With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited.
Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company.
The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats.
Columns in this issue
In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater.
Failure to achieve compliance with the EU's General Data Protection Regulation in the next 12 months can trigger fines of up to 4% of a company's gross annual revenue.