The Evolving Role of the CISO - ISACA Denver
Jonathan C. Trull, CISO, Qualys
Denver ISACA/ISSA 2014
The Evolving Role of the CISO
Human/CISO Evolution
Computer Evolution
The Future
ACCESS PRIVILEGES
OUTDATED SOFTWARE
MISCONFIGURATIONS
CODING WEAKNESSES
INCOMPLETE INVENTORY
SOCIAL MEDIA
THREATS
VULNERABILITIES
Defending the Global Enterprise
A Problem of Scale, Accuracy and Speed
THE EXTENDED ENTERPRISE
Dispersed IT Assets, Data and Networks
Historical Perspective on CISO Job
• Pre-1995 – Security was the job of the system admin/mainframe operator (Why would anyone want to steal computer time?)
• 1st CISO – 1995 at Citicorp / Citigroup – Cyber crime becomes true threat to business as ecommerce takes hold.
• Over 50% of corporations with 1,000 or more employees have a CISO or similar executive
• Average CISO tenure – 2 years; Average CEO tenure – 10 years.
Do we have a cyber security leadership crisis or are we just misunderstood?
• Since 2005, there have been 4,912 recorded breaches and 673 million records exposed (Identity Theft Resource Center).
• Year over year double digit percentage increase in number of breaches (~20%).
• $46 billion a year spent on cyber security.
• Cost of breaches increasing by 30 percent year over year.
CISO Role as of 2014
• Role heavily focused on technology
• Report to CIO or similar IT executive
• Addicted to operational matters and cyber security emergencies
• Not considered part of the executive team / c-suite
Common Complaints About CISOs
• Doesn’t positively engage with the business
• Security strategy and spending do not align with the business strategy
• Roadblock to innovation and revenue growth
• Too reactionary, alarmist, lacks long term vision
Future Trends
• Pressure on CISOs to deliver results will increase
• Move to consolidate roles and redefine organizational structure
• CISOs must provide business value first and foremost
New Skill Set
• Leadership
• Communication (especially crisis communication)
• Business Acumen
• Relationship Building / Management
• Technical knowledge – but not so much bits and bytes but how technology intersects with the business and interacts with customers
A Fundamental Problem Remains
Inability, with any reasonable accuracy, to determine, react to, and report on risk
Major Constraints on Security Teams
Thank You