The role of chief information security officer (CISO), a relatively new executive position, is undergoing some significant changes and an archetype has yet to emerge, a new global report from Marlin Hawk, an executive recruiting and leadership consultant, said.
More CISOs with STEM Degrees
Indeed, Hawk’s survey of 470 CISOs from last year to this year showed a 15% increase in those holding science, technology, engineering and math (STEM) degrees, indicative of a notable diversification of the talent pool. Moreover, the CISO position appears to cross multiple industries, with 84% of CISOs having a career history of working across multiple sectors as they move away from being technical experts to embrace skills such as communication, leadership and strategy.
According to Hawk’s data, neither a consistent description of what a CISO does nor much agreement on the archetype of what a CISO should be doing has yet taken hold. What does surface from Hawk’s data is that CISOs are increasingly expanding beyond technical expertise.
What the Survey Found
Key findings from the report include:
- 45% of global CISOs have been in their current role for two years or less, down from 53% in 2021, with 18% turnover year-on-year. While there is still a lot of movement in the CISO seat, there is potentially some stabilization emerging.
- Approximately 62% of global CISOs were hired from another company, indicating a slight increase in the number of CISOs hired internally (38% were hired internally compared to 36% in 2021) but a large gap remains in appropriate successors.
- 36% of CISOs analyzed with a graduate degree received a higher degree in business administration or management. This is down 10% from last year (46% in 2021). Conversely, there has been an increase to 61% of CISOs receiving a higher degree in STEM subjects (up from 46% in 2021).
CISOs are still more likely to serve on advisory boards or industry bodies than on the board of directors. In fact, only 13% of the global CISOs analyzed are women; approximately 20% are non-white. Each diversity dimension analyzed is down one percentage point year-on-year.
Adding perspective to the survey results, James Larkin, managing partner at Marlin Hawk, said:
"Today's CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the CIO, which is to act as the primary gateway from the tech department into the wider business and the outside marketplace. This widening scope requires CISOs to be adept communicators to the board, the broader business, as well as the marketplace of shareholders and customers. By thriving in the 'softer' skill sets of communication, leadership, and strategy, CISOs are now setting the new industry standards of today and, I predict, will be progressing into the board directors of tomorrow."
The job does not come without its downsides, Hawk said. For one, according to the search firm, many CISOs change roles and leave their jobs. Their skill set may not be adequate, new leaders may get appointed to the job, they may lack the necessary internal support, or their company may not have the required commitment to cybersecurity to make the job effective, Hawk said.