What Does a CISO Do?
"Chief Information Security Officer" or CISO has become something that everyone seems to know about, but we want to address the concept for those who are not exactly sure what a CISO does.
Ideally, a CISO links your Cyber Security program to your senior management and, through senior management, to the organization as a whole.
This function is important because of the large part human behavior plays in Cyber Security: not just boneheads clicking on phishing links in emails, but super geniuses going through the unglamorous work of monitoring network activity, checking backup statuses and updating firmware. To make Cyber Security work, we want to go beyond mere compliance ("don't click on that") to commitment ("thanks for warning us about that scam").
Maybe you don't have a CISO and are wondering if that is the right call in your particular situation. In order to decide that, you need to know what a CISO is supposed to do, and what they often end up do
CISO is a title that covers a multitude of situations, like "dad" or "best friend." What kind of CISO do you have? What kind of CISO are you? Does your CISO's actual activity dovetail with your organization's needs? Does your CISO feel supported? Do you feel that your CISO is committed to maximum uptime with minimal risk?
Want to learn more? We have a short video on this topic on our YouTube channel.