From the course: Cybersecurity Careers: Become a Chief Information Security Officer (CISO)

What does a CISO do?

Chief information security officers wear many different hats, but in most organizations, there are a few consistent ones. Let me walk you through each of them.

First, you have the risk manager. CISOs are ultimately the leader and final decision-maker when it comes to the day-to-day risks in their realm of responsibility, which happens to be cybersecurity. This is no different than the head of HR making a final decision on a personnel matter or the CFO giving the thumbs up or thumbs down on an expensive purchase that's outside of budget. The bigger risk, of course, will incorporate other leaders.

CISOs are strategists. They are responsible for defining the direction of the cybersecurity program. You will be expected to define and subsequently execute on a strategy and roadmap of initiatives that will improve the security posture of your organization.

They are teachers and advisors. As a leader, it is incumbent upon you to develop and upskill your team, but it is also your responsibility to raise the security maturity of your peers, the senior leadership, and pretty much everyone you interact with. You will serve as the trusted advisor to your organization on all things security-related. And if it's not you directly, it'll be someone on your team that has that responsibility and, well, they report to you.

CISOs are corporate executives. Your first responsibility is to the mission of the organization, which, in corporate America, comes down to the bottom line. It is not enough to be a security expert. You need to understand the financials, who the top customers are, what factors impact margin and profitability, what the strategy is for the organization. And most importantly, you need to figure out how your role and cybersecurity program will play a part in achieving that strategy.

Last but not least, CISOs are still managers. They are responsible for project execution and operational excellence. They have oversight of people, process, and technology. What you inherit, you must operate. What you build, you must run. And as any executive, you are expected to do so efficiently and effectively.

Now, CISOs cycle through each of these personas throughout any given day. The most successful CISOs I've met do so seamlessly. You've likely worn at least one of these hats, but if you see one you haven't worn, there's no time better than now to pick it up and see if it fits.
