Featuring:

Jeff Pollard, VP, Principal Analyst and Jess Burn, Principal Analyst

Show Notes:

In a year when 78% of organizations have reported at least one security breach, the role of the chief information security officer (CISO) is squarely in the spotlight. But with that spotlight comes a lot of pressure and expectations. In this episode, VP and Principal Analyst Jeff Pollard and Principal Analyst Jess Burn discuss their soon-to-be-released update on the future of the CISO.

The discussion starts with a look at the current state of the CISO. Pollard says the importance of the CISO role has grown significantly over the past few years, fueled by increased customer expectations for better security in both B2B and B2C contexts. One sign that the role is improving in stature is that a CISO’s tenure today is on par with that of other C-level titles, which was not the case in the past.

But with that improved stature comes a rise in scrutiny and even personal legal implications for the role, making it more challenging and intense for security leaders. Burn says CISOs must think about self-preservation, which could mean retaining personal counsel, negotiating golden parachutes, and creating a paper trail of program gaps to share responsibility and mitigate scapegoating.

The conversation then delves into a fresh look at the six types of CISOs outlined in the forthcoming report: postbreach, customer-facing, steady-state, tactical/operational, transformational, and compliance/risk-focused. Burn explains that these types were developed by analyzing CISO job postings and bucketing them into categories, each with its own focus and career trajectory. For example, she points out that compliance- and risk-focused CISOs are in high demand because of the ever-changing regulatory landscape, while transformational CISOs are sought after because they can overhaul existing security programs or build new ones.

In addition to highlighting the various CISO types, the conversation touches on the role of the business information security officer (BISO), who can act as a liaison between the CISO and individual lines of business or functions so that security is built in rather than treated as an afterthought.

The episode concludes with a preview of the upcoming Forrester Security & Risk Summit, where Burn will present the updated research on the future of the CISO and discuss how CISOs can better understand themselves, play to their strengths, and navigate their careers. The Summit agenda also features a CISO panel with different types of CISOs represented and Pollard’s session for CISOs on forecasting for security programs.