Starting a project like “The Future Of The CISO” report is a daunting exercise. While we don’t always share the background inspiration for our research, this time it’s quite important and will shed some light on how we arrived here. When we started planning this research in 2018 and working on it in 2019, we thought about how we could help CISOs place themselves in the best situations possible. The role’s matured and more opportunities exist than ever before, so how does a security leader know if they are in the right place? That’s when Wall Street came in handy. Let me explain:

  • In Wall Street, Michael Douglas is a “corporate raider” — that’s his archetype. It’s a film, so things are oversimplified, but real-life examples of this character exist.
  • Next up was the “Turnaround Artist CEO,” the kind of leader often tapped to help “save” or revitalize a struggling company. These folks have a “brand” — this is what they do.
  • A security vendor hired a new sales leader. When announcing himself, he said something to the effect of, “I take business units of X size and grow them to Y size — that’s my specialty.”

All three of them have something in common: They know who they are, they know the right situations for themselves, and they choose accordingly. They aren’t always successful, but they are always intentional.

That’s what CISOs need. Corporate raiders don’t do turnarounds; they do breakups. The leader that takes midsize business units and makes them giant business units doesn’t join startups with a v1.0 product. That doesn’t maximize their chances of success.

CISOs need a “type,” they need to know their type, and they need to find opportunities that allow them to be as successful as possible. That energizes them. That helps them stave off burnout: opportunities where they have a passion for the work and a commitment to the mission that ultimately fulfill them.

With that, here are the first six types as we debut the research that Paul McKay, Jinan Budge, and I put together, with more types slated for the future:

  • Transformational CISO
  • Post-breach CISO
  • Tactical/operational expert CISO
  • Compliance and risk guru
  • Steady-state CISO
  • Customer-facing evangelist

We could name CISOs we work with that fit each type, but we won’t here — and we don’t in the report, so no need to make popcorn before reading. Also, this list isn’t exhaustive. A few roles that were left on the cutting room floor or were consolidated into these six might become a dedicated type in the future.

The full report gives descriptions for each one but also goes one step further. We also included the backgrounds, behaviors, and characteristics of these leaders. To make sure leaders find the best situations, we also included the organizational characteristics to look for when choosing opportunities or attempting to change cultures. And finally, we examined possible exit-destination roles should CISOs look to leave their current role.

We plan to extend this research in 2020, including personality tests and role assessments to help leaders understand the tasks, roles, teams, and focus areas they are most passionate about.