Tommi - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What's driving executive turnover for CISOs?

A number of experienced CISOs have left their positions recently. Expert Joe Granneman looks at where they are going, and what's behind the trend.

I read recently that a number of seasoned CISOs are leaving their positions and moving to the vendor side of security. What is driving this trend, especially in a time when the industry already has a shortage of qualified information security professionals?

The demand for experienced leaders in information security has increased dramatically over the last few years. The CISO position is maturing and beginning to play a more strategic role in the enterprise, relieving previous frustrations and increasing overall job satisfaction. There is room to innovate and forge new trails as a CISO because the industry is still young and malleable. There has probably never been a better time to be a CISO from a job security perspective. However, there are many CISOs that are leaving their corporate jobs behind to work instead for security or IT vendors in non-CISO executive roles.

There are many potential reasons for this rapid migration to vendor employment. While it sounds optimistic that experienced CISOs are in such high demand, the ominous reason behind this increased demand is the fact that companies are losing the battle against cybercrime. The number of massive data breaches that hit the headlines this year continues to grow. The pressure put on the CISO to prevent these types of breaches is mounting even as companies neglect to allocate appropriate resources to build a proper defense. The CISO position can unfortunately look like nothing more than a bureaucratic figurehead and scapegoat, which decreases job satisfaction and increases the executive turnover rate. Vendors can offer a compelling option for CISOs to jump ship and get away from this kind of pressure.

The importance of information security has increased, but it still suffers from the stigma of being an overhead department. This is the reason that many information security programs are often underfunded and overlooked, as enterprises prioritize focus on revenue-generating activities instead. This can be a deterrent for passionate CISOs that instead might want to be creative and experiment with the revenue generation instead of managing a budget-strapped department. And vendors will be searching for CISOs that want that kind of creative opportunity.

The CISO role continues to gain acceptance and influence as companies realize the importance of information security. This realization has come at a cost as many companies continue to be victims of data breaches or unauthorized intrusions. But the pressure to protect company networks and data with limited resources can cause CISOs to rethink their career choice and go to work for a vendor. An ex-CISO can then be a part of developing new products that generate revenue instead of begging a company CFO to increase funding for information security.

Next Steps

Expert Ernie Hayden explains how the CISO role is changing for better and for worse

This was last published in January 2015

Dig Deeper on Information security certifications, training and jobs