How have the roles of CIO/CTO/CISO evolved with regard to security?

CIO in Education, 4 years ago

The CTO has evolved to be the one running business operations and the CIO is focusing on the business strategy. Therein lies the gap because the CISO doesn't necessarily have the same seat at the table as the CIO or the CTO. If you only have 10 positions to hire, a security architect might be in your top 2 or 3, but realistically it may not be your highest priority. When I was in a life sciences company, security was part of our project management office. Every project had to have security sign off on it. You couldn't say, "Oh crap, I didn't look at security," a week before going live. That wasn't acceptable in life sciences then. A small company doesn't necessarily have the luxury of a big company in that regard.

no title, 4 years ago

I would never join a Series A/Series B company as a CISO. They're the top 10 getting fired if there's an issue; there's no upside. That's why zero Series A funded companies have a CISO. We have to make security not be a punishable offense. And security should never be viewed as a luxury.

no title, 4 years ago

Security cannot be a punishable offense. I don't have a CISO in my business model for first hires at least referenceable by somebody external, but eventually it does become one of my top 10 hire requirements.

CEO in Software, 4 years ago

The CTO used to have a very specific role: to drive technology strategy for the company. It could be a technology company or not; the CTO helped them to either adopt technology or grow their existing technology. Now most CTOs are more like evangelists or part-time engineers. They're not true CTOs anymore. For example, the problem with security in a smaller firm is that you need a security architect who can make sure that you think of security from the bones out as you build your platform. But you also need security to look at the human aspect of running the business as well, and in most cases, those two roles are not the same.

no title, 4 years ago

The roles of a CTO and CIO have evolved. Both need to understand the role of security in their evangelistic position. If you don't have security top of mind, you're not going to be a great evangelist.
