Insights / Information Technology / Article

5 Security Roles to Plan for in the Digital Era

June 05, 2018

Contributor: Jill Beadle

CISOs must evolve the talent strategy to reflect the changing roles, competencies and skill sets needed to address digital risk.

What do you plan to do after graduation? University students are repeatedly asked this question. Those who choose to focus on cybersecurity can rest easy knowing that they have selected a field with a near-zero unemployment rate.

It’s a reality that chief information security officers (CISOs) face every day as only a limited number of people have the skills and experience required to fill needed IT security positions. Staffing challenges are compounded by rapidly changing digital business initiatives which are changing how organizations evaluate and confront risk.

“There’s no proverbial jack-of-all-trades in cybersecurity,” said Gartner principal research analyst Sam Olyaei during the Gartner Security and Risk Management Summit in National Harbor, MD. “Digital business initiatives require that we have the right people in the right roles with the right skills and competencies.”

The importance of digital competencies

CISOs must go beyond thinking in terms of roles when planning for digital business initiatives. They must now carefully consider which competencies and skills are required to address digital risks.

“Digitalization requires a wider range of security roles that entail new skills and knowledge,” says William Candrick, research consultant at Gartner. “CISOs need to fundamentally rethink their talent requirements.”

“Roles are just job titles and skills are a matter of fact,” said Matthew Stamper, research director at Gartner. “But competencies are the how, the aptitude and traits of employees.”

He shared the competencies integral to digital business execution:

  • Adaptability. Demonstrates flexibility, agility and the ability to respond effectively to changing environments.
  • Business acumen. Demonstrates awareness of internal and external dynamics with an acute perception of business issues.
  • Digital dexterity. Showcases the ability to leverage and manipulate media, information and technology in unique and innovative ways.
  • Outcome driven. Focuses on desired results and business outcomes. Sets and achieves challenging goals.
  • Collaboration/synergy. Exemplifies collaboration with other members of formal and informal teams in pursuit of common mission, vision, value and goals.

Each of these competencies is critical to one or more of the five new cybersecurity roles that today’s CISOs must plan for tomorrow.

Plan for 5 roles

  1. Digital risk officer. The traditional CISO role today will eventually transform into the digital risk officer. Instead of managing information and protecting infrastructure, the digital risk officer will manage cybersecurity risk. Less technical skill is need for this role and success depends on a strong business acumen and the ability to collaborate and communicate effectively.
  2. Chief of staff for security. The chief of staff for security, sometimes referred to as the deputy CISO, removes the administrative burden from the CISO, freeing up time to focus on higher value activities. The deputy CISO must influence and communicate effectively to optimize security workflows and processes.
  3. Data security scientist. The data security scientist incorporates data science and analytics into security functions and applications specifically, how machine learning, artificial intelligence and analytics can be deployed to automate tasks and orchestrate security functions using algorithms and mathematical models to reduce risk. This role requires advanced mathematical skills and statistical and data analysis.
  4. Security “ombudsman.” This role acts as the liaison between lines of business and the security program. Depending on the organization, this role can report into a business function and requires adaptability and political savviness.
  5. Digital ecosystem manager. This role coordinates security and privacy assessments and helps the digital risk officer communicate across the organization’s ecosystem, including vendors, supply-chain, regulators and other external players that could impact digital risk.  It is one of the fastest growing cybersecurity roles.

To get started, CISOs should build a list of new competencies required to support their digital business initiatives and then define the skills required to execute on those initiatives.

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

View Conferences

Get Exclusive Content

2023 CIO Agenda: 4 Actions to Ensure Your Tech Investments Pay Digital Dividends

Download eBook

Recession Advice: Go on the Offense With IT Investments

Read Now

Predict How Trends and Disruptions Impact Your Organization

Watch Webinar

Explore deep-dive content to help you stay informed and up to date

The Art of the 1-Page Strategy: 4 Simple Steps to Unlock Success

Watch Webinar

The 5 Steps to Successfully Pilot Generative AI and Deliver Business Value

Watch Webinar

Predict How Trends and Disruptions Impact Your Organization

Watch Webinar

Succeed in Digital Business With Your IT Operating Model, Not Just a New Org

Watch Webinar

The Top Challenges for Government CIOs in Transitioning to Digital Government

Watch Webinar

The Innovative Technology Providers Driving the Future of Generative AI

Watch Webinar

Drive stronger performance on your mission-critical priorities.