What Is A CISO?
A Chief Information Security Officer (CISO) has broad-ranging priorities that impact almost every business group within a company. From Facilities to the CEO, every business line has information and systems that it considers crucial to the ongoing operations of the company. It is up to the CISO to implement a variety of security protocols and practices to protect that data and those systems from attack by both external and internal actors. The CISO is also charged with updating the CEO or the Board of Directors on the status of the protocols and practices that division heads have previously signed on to.
What is a Remote CISO?
A Remote CISO is really nothing more than a CISO who works out of their home or out of a “hoteling” workspace. Truly, the materials that they provide can be formulated and delivered from anywhere in the world. There may be times when the CISO has to report in person to the corporate headquarters, but many times organizations utilize web meeting technologies that people, including the CISO, can use.
Why a Remote CISO?
The primary reason that a company may opt for a remote CISO is to save money. In the age of COVID this may be even more important, as many office spaces will be closed or have limited hours of operation. A remote CISO may also give the company more flexibility when it comes to hiring, as it does not require the remote CISO to move from state to state or even country to country.
Who Does the CISO Report To?
This is one of the most concerning issues that organizations face when hiring a CISO. CISOs can be seen reporting to the Board of Directors, the CEO or COO, or the CIO. Honestly, it depends upon the size of the organization and what makes them feel the most comfortable. The only reporting structure that may cause conflict is when the CISO reports to the CIO. Why? Typically, the CISO provides checks and balances on programs that the CIO may have implemented. This turns the CISO into an adversary of the CIO and places them in a precarious position when they provide their findings to others.
What Skills Does a CISO Have?
Typically, the individuals who hold this position will have a college degree in Cybersecurity, Information Technology, or Management Information Systems. They may also have various certifications such as CISSP, CISA or CISM. Many times, work experience is substituted for certifications.
Stay Tuned for Next Week’s Post Where I Discuss the Programs that a CISO Is Usually Charged With.