When it comes to high-end corporate positions, the real power-players, the largest cogs that keep the machine running, it’s not hard to think of the Chief Information Security Officer (CISO) as one of the most valuable players.
With technology saturating the business world more and more each day, the person who controls it all can determine the success or failure of the company all on their own.
Chief Information Security Officer (or CISO) is a high-pressure job that many people don’t even know exists. So, what is it that a CISO does, exactly?
What is a CISO?
The Chief Information Security Officer of an organization is the grand-high poohbah of technical matters – everything from maintaining information privacy to recovering from disasters to cyber security and digital forensics. Add about twenty more responsibilities to that list and you’ll start to get an idea of what the CISO does.
The long and short of it is that all computer, IT, network, privacy, and security architecture goes through the CISO. They hand down the decrees, they take the heat for mistakes, they manage all IT teams, and they stay up to date on the ever-changing best practices of IT security.
What Does a Chief Information Security Officer Do?
The CISO is in charge of security, plain and simple. This applies to digital security and physical security alike – think of the CISO as the company’s “tactical officer” and you’ve got a good idea of just what they do. They maintain the safety of data, employees, physical equipment, and all other aspects of the corporation.
They’ll be hiring and firing all members of the security and IT teams, at least at the top level – obviously there are many managers below them who will be doing the nitty gritty down the line.
They’ll be meeting with (or at least be in contact with) government agencies in order to comply with the newest cybersecurity laws, and even to provide advice at the highest levels.
The Chief Information Security Officer is the safety and security architect behind every policy, implementation, execution, and every other conceivable facet of the company’s security measures.
What is a Chief Information Security Officer Responsible For?
A CISO has a huge list of responsibilities, all of which revolve around protecting the company through every conceivable avenue. Here are just a few of their most important duties:
It’s the duty of a CISO to prepare for and execute all plans to get the business through a disaster or other disruptive event.
A good CISO will anticipate probable disruptions and do their best to plan for them, using actual hard data and probabilities based on location, climate, type of business, and other factors.
They aren’t alone in doing this, of course, but they should be the prime contact on all business continuity plans.
Examples of disruptions that need to be prepared for could be climate events (tornados, hurricanes, storms, earthquakes, etc.), power outages, fire, flooding, network failures (either from the company’s servers or the ISP), data loss (anything from an individual laptop to a backup server), and more.
Even small disasters like the plumbing in your main office not working should be given a few moments’ thought and a plan for how to keep the business working around them.
The CISO is charged with not only making these plans but communicating them with all employees at every level of the plan’s execution.
Of course, planning isn’t the end of the line when it comes to business continuity. A CISO is also tasked with running both paper drills and real-life tests of these plans, including things like testing emergency generators, or organizing a fire drill or even moving your whole office to a temporary office space one day to get the feel for how long the business would be down during a disaster.
Easily one of the cornerstones of the CISO’s responsibilities is keeping the company’s information private and protected in an increasingly transparent world.
While firewalls, antivirus software, and other security software are obviously going to be a part of the job, they’re not the be-all, end-all of data security. The fact is, most hacking is done through what is called “social engineering.”
Social engineering is the concept of breaking into a computer network or illegally obtaining data through the manipulation of employees. When most people think “hacking” they picture a guy pounding away at a keyboard, but the truth is more sinister. Hackers are far more likely to call your company and pretend to be an IT guy to get access to a password, or to use email scams to steal information, than they are to run some kind of sci-fi computer program that cracks your database open.
So, when we say the CISO is in charge of cybersecurity, it’s not just buying the top-of-the-line network security gadgets and calling it a day. The most important aspect of the job is training all of the employees on not only recognizing social engineering scams, but on how to use the internet, their computers, and their phones in the safest way possible.
They have to be taught what kind of data they can never share over a phone, or whom to call to confirm that the person who called them really is an IT guy or a maintenance guy or whatever they are claiming to be. It’s about education as much as software, and it’s the CISO’s duty to provide that education and training.
What is a Chief Information Security Officer’s Salary?
Considering all of the crushing responsibility that comes with the role, it’s no surprise that the salary is of a commensurate rate.
According to a recent study, the average salary for a Chief Information Security Officer in America is over $200,000 a year. If you live in an area like New York, Los Angeles, or San Francisco, those salaries average closer to $250,000.
Now that legislation has mandated an increase in data security and privacy for customers, the CISO’s workload has increased, and the pay has jumped up with it. There are even some CISOs reportedly making over six figures in top European corporations.
The Qualifications and Certifications
The personal qualifications alone are staggering – not only does a CISO need a keen mind for the tech side of the business, but there are dozens of leadership skills and qualities they use on a daily basis. This requires someone with both the left and right side of their brains firing on all cylinders, a “jack-of-all-trades” who knows both how computers and people work.
Having hands-on technical experience is a must, even if the day-to-day work of a CISO won’t require it. An army colonel may not be firing a rifle every day, but they need to know how rifles work and what they can do, and they need to be able to recognize that ability in others and not be baffled by terminology.
As for leadership qualities, they may even be MORE important. A CISO could potentially be in charge of hundreds (if not thousands) of people, depending on the size of the company, which means they’re going to have to know how to delegate and recognize talent. They have to be able to motivate their troops, to teach, and to anticipate personnel problems before they crop up.
There are certifications that can help a CISO as well, and in fact may be required depending on where they end up working.
For degrees, they’re going to want something in the computer science field, with a focus on cyber security. The certifications pretty much required are the CISM, or “Certified Information Security Manager,” and the CISSP, or “Certified Information Systems Security Professional.” Some may even require more certs like “Certified Information Systems Auditor” and “Certified in the Governance of Enterprise IT.”
The CISO Career Path
Five years as a hands-on security IT tech is helpful, with an additional five years on top of that as a lead of some kind. The more management experience, the better. The more employees under them, the better. A CISO candidate must have extensive leadership experience before they even think about taking a swing at a CISO position.
The Highest Tech Position in the Field
When it comes to tech jobs, a CISO is without a doubt one of the highest and most prestigious rungs on the ladder. The top CISOs are millionaires, and they shake hands with globe-spanning corporations and government agencies every single day. They aren’t just responsible for following law and policy – they often have a hand in making it.
When the personal and digital security of thousands of employees and potentially millions of customers is on the line, it’s the CISO where the buck stops.