What Makes a Good CISO

Post on 11-Apr-2017

What makes a good CISO?

Stephen Cobb, CISSP, MSc.

Senior Security Researcher

www.WeLiveSecurity.com

www.eset.com

Why think about this?

What do they even look like?

Very few academic studies of cybersecurity professionals exist, relative to other IT roles and guardianship professions

We find hiring for cybersecurity positions to be:

Cobb, S. (2016) “Getting to know CISOs: Challenging assumptions about closing the cybersecurity skills gap”, University of Leicester MSc dissertation

The skills gap is undermining security

82% admit to a shortage of cybersecurity skills

71% cite shortage as responsible for direct and measurable damage to organizations

“A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and IP”

James Lewis, CSIS, quoted by Intel Security

What are some key attributes, competencies, and personality traits of CISOs?

Yes, CISOs have personality

Testing with IPIP NEO, Freed found that IT cybersecurity workers scored higher on Openness and Conscientiousness, lower on Neuroticism, than regular IT folks. Cobb found this difference was even greater in CISOs.

7 Top traits of good CISOs

1. Broad in understanding
2. With an open mind
3. Conscientious
4. Strong nerves
5. Strong imagination
6. Good communication skills
7. Humility

Thank you!

Stephen.Cobb@ESET.com

www.WeLiveSecurity.com