The Top CISO Stories From Around the Web: January
From the CISO’s struggle for C-suite status to a case for why CISOs are ‘data custodians,’ there were plenty of news stories this month that highlighted the most pressing issues CISOs are facing. Here are the top 5 CISO news stories that emerged this January:
1. The Top 10 Skills CISOs need in 2024
Source: Carnegie Mellon University, Software Engineering Institute's Insights
For the top 10 skills that CISOs need for 2024, Greg Touhill presents an array of intelligent ideas. Here are some highlights: Number three, Better Understand the Business of the Business, is a push for CISOs to pursue higher education. Number five, Improve Understanding and Management of Supply Chain Risks, says that CISOs will have to “face increased challenges from their boards to identify and characterize supply chain risks.” Number four, Manage Risk Using Advanced Metrics and Risk Quantification, is about making evidence-based decisions.
2. A CISO’s perspective on how to understand and address AI risk
Source: SC Media
AI’s impact is large and growing. However, it poses some challenges for the leadership roles responsible for cybersecurity, including CISOs. SC Media’s post details four core risks: Technical, Operational, Regulatory, and Reputational. Technically, there can be lifecycle and supply chain risks associated with AI. Operationally, AI needs constant monitoring to prevent dependencies or inaccuracies. On the regulatory side, AI is gaining more attention, leading to new and stricter regulations. Reputationally, failures related to AI can greatly affect an organization’s reputation. To minimize these risks, SC Media’s post suggests “...to integrate security into an MLOps Lifecycle,” promote cross-team teamwork, test thoroughly, and stay informed regarding regulations.
3. CISOs Struggle for C-Suite Status Even as Expectations Skyrocket
Source: Dark Reading
CISOs are held to higher expectations and have more responsibilities as regulations have gotten more intense. Despite this increase in responsibility, the CISO is still not universally viewed as a C-suite role. This translates to less support and guidance from the board. “Some of it is also inertia. Large, complex organizations take time to adjust to new challenges and organizational shifts.” The new, and hopefully soon elevated, CISO role can benefit an organization by improving awareness, visibility, and collaboration efforts when it comes to moving the organization forward on an optimistic trajectory.
4. CISOs should have an action plan for cyber resilience: Cisco’s Anthony Grieco
Source: TechCircle
Anthony Grieco, SVP & Chief Information Security Officer (CISO) of Cisco, answers questions in an interview. The interview covered topics such as the areas in which CISOs are not performing at their best, gaining new skills in the cybersecurity space, ransomware predictions for the new year, and India’s hand in cutting-edge cybersecurity technology. Regarding the pervasiveness of AI, Grieco is optimistic that it will be a positive force in the industry. When asked about Cisco’s part in India’s technological market (specifically in security), he shares his excitement about India’s “rapid digitization.”
5. CISOs are not just the keepers of our data – they must be its custodians
Source: CIO
CISOs must be proactive to stay afloat in the cybersecurity space, and data protection is paramount for this. Since there is so much data, compliance frameworks have gotten increasingly complicated. These frameworks ensure protection and ethical use of data. The post describes CISOs as custodians because they are “...responsible for implementing and ensuring adherence to these policies.” Compliance can be a path to better security, but truly robust frameworks go beyond compliance.