Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How the role of the CISO is changing for better and for worse

Amid a spate of devastating data breaches, vulnerable protocols and a brighter spotlight than ever, it's never been tougher to be an enterprise chief information security officer. Fortunately, there is a silver lining.

According to Ernie Hayden, executive consultant with Alexandria, Va.-based consultancy Securicon LLC, the role of CISO now has much more power and influence than it did when he took his first CISO job at the Port of Seattle more than 10 years ago.

"I think today we've got a lot of very positive exposure, but we've also got a lot of negative exposure," Hayden said. "The good news is [CISOs are] getting a lot more opportunity in front of the executive management and the board, which means there will be a lot more resources and a better opportunity to be successful."

In this video, recorded at the 2014 RSA Conference, Hayden discusses the issues facing CISOs now and in the years to come, including the varying level of influence CISOs enjoy from one organization to the next. He also discusses the shortage of information security professionals and offers some creative tactics to help reduce the burden.

Finally Hayden discusses how he hopes the CISO role will evolve to better address the changing information security landscape. The CISO's toughest job is figuring out which risks to mitigate with finite resources, he said, comparing it to trying to stop the water from draining out of a kitchen colander.

"Your job as the CISO is to cover all of those holes with one hand, because you don't have enough resources," Hayden said. "The bad guy's job is to find one of those holes and get in."

View All Videos

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

How is the role of the CISO changing in your organization?
The article is on point: The job of a CISO is constantly changing as new threats, computing platforms/devices, technology (e.g. cloud apps) and vulnerabilities emerge.