Every chief information security officer (CISO) is unique. They each have varying modes of operation that are influenced by long and distinguished careers. To understand CISO strategies and approaches, we decided to conduct a study. We gathered data in a series of extended in-person interviews with 25 CISOs with the goal of describing how a CISO’s work is organized and executed.
We identified four distinct approaches to the CISO role, each with unique characteristics and discriminators. The names of these four “tribes” emphasize what separates one from another. Dividing CISOs into tribes leads to some insight into career development and progression. We believe that when CISOs understand their own approaches as compared to others, they’ll be better informed about their own ways forward.