Challenging role of CISO presents many opportunities for change
This article is part of the Information Security issue of May 2017, Vol. 19, No. 4
By its most recent measure, research that the Ponemon Institute shared in 2014 indicated that the average tenure of CISOs is 2.1 years. Why so short? There were two proposed rationales. The "wanderlust theory" held that qualified candidates for the role of CISO were in such high demand, according to Larry Ponemon, chairman and founder of the research group, that they were lured to another company that paid more for the position. Ponemon said some CISOs likely made two or even three jumps to higher-paying positions if they were really qualified. The other theory behind the two-year tenure: When security problems occurred, the affected companies needed someone to blame, which resulted in the CISO's departure. The research data was compiled over several years and based on numerous surveys from mainly U.S. sources. There's not always a CISO on hand to play the scapegoat, though. Ponemon found that in organizations of more than 1,000 employees, 40% had a fully dedicated CISO, 16% had a partially dedicated CISO and 44% had none. The ...
Features in this issue
- Challenging role of CISO presents many opportunities for change
  With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited.
- Polycom CISO focused on ISO 27001 certification, data privacy
  Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company.
Columns in this issue
- CISO job requires proven track record in business and security
  In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater.
- Q&A: GDPR compliance with Microsoft CPO Brendon Lynch
  Failure to achieve compliance with the EU's General Data Protection Regulation in the next 12 months can trigger fines of up to 4% of a company's gross annual revenue.