How have the roles of CIO/CTO/CISO evolved in regards to security?

CIO in Education, 5 years ago

The CTO has evolved to be the one running business operations and the CIO is focusing on the business strategy. Therein lies the gap because the CISO doesn't necessarily have the same seat at the table as the CIO or the CTO. If you only have 10 positions to hire, a security architect might be in your top 2 or 3, but realistically it may not be your highest priority. When I was in a life sciences company, security was part of our project management office. Every project had to have security sign off on it. You couldn't say, "Oh crap, I didn't look at security," a week before going live. That wasn't acceptable in life sciences then. A small company doesn't necessarily have the luxury of a big company in that regard.

no title, 5 years ago

I would never join a Series A/Series B company as a CISO. They're the top 10 getting fired if there's an issue, there's no upside. That’s why zero series A funded companies have a CISO. We have to make security not be a punishable offense. And security should never be viewed as a luxury.

no title, 5 years ago

Security cannot be a punishable offense. I don't have a CISO in my business model for first hires at least referenceable by somebody external but eventually it does become one of my top 10 hire requirements.

CEO in Software, 5 years ago

The CTO used to have a very specific role: to drive technology strategy for the company. It could be a technology company or not; the CTO helped them to either adopt technology or grow their existing technology. Now most CTOs are more like evangelists or part-time engineers. They're not true CTOs anymore. For example, the problem with security in a smaller firm is that you need a security architect who can make sure that you think of security from the bones out as you build your platform. But you also need security to look at the human aspect of running the business as well, and in most cases, those two roles are not the same.

no title, 5 years ago

The roles of a CTO and CIO have evolved. Both need to understand the role of security in their evangelistic position. If you don't have security top of mind, you're not going to be a great evangelist.
