CISO Research Identifies 4 Distinct Approaches to the Role
Every chief information security officer (CISO) is unique. They each have varying modes of operation that are influenced by long and distinguished careers. To understand CISO strategies and approaches, we decided to conduct a study. We gathered data in a series of extended in-person interviews with 25 CISOs with the goal of describing how a CISO’s work is organized and executed.
Some participating firms in this study
- ADP
- Aetna
- Allergan
- Bank of America
- Cisco
- Citizens Bank
- Eli Lilly
- Fannie Mae
- Goldman Sachs
- HSBC
- Human Longevity
- JPMorgan Chase
- LifeLock
- Morningstar
- Starbucks
- U.S. Bank
The 4 CISO tribes
We identified four distinct approaches to the CISO role, each with unique characteristics and discriminators. The names of these four “tribes” emphasize what separates one from another. Dividing CISOs into tribes leads to some insight into career development and progression. We believe that when CISOs understand their own approaches as compared to others, they’ll be better informed about their own ways forward.
Security as Enabler
Security as Technology
Security as Compliance
Security as a Cost Center
What's inside the report?
- A thorough exploration of each of the four tribes to support the evolution, consistent improvement, and efficiencies of the CISO role
- An overview of the discriminators used to differentiate the tribes
- A coherent model representing a CISO population of just under 150 years of experience