This report provides an overview of the common requirements, roles, responsibilities, experience, and expertise necessary to operate as the senior most cybersecurity leader in a firm — commonly titled chief information security officer (CISO), and tech execs can use this as the basis of a job requisition. This research also features the common stakeholders the CISO works alongside, possible metrics for evaluating the CISO, along with the recommended behaviors and characteristics necessary in a CISO to run an inclusive, diverse security program with a strong commitment to maintain a security positive company culture.