What is the Office of the CISO?
Change in the digital world is electric and lightning-quick. It is what drives the industry and makes the evolution of cybersecurity so intensely fast-paced. There are times when the pace of change gets too fast even for the cyber world, leading to gaps in security. Bad actors can, and often do, use these gaps to their advantage. These vulnerabilities mean that threats and risks are always close at hand. Therefore, the main task of cybersecurity teams within an organization is to protect the organization AND adapt to the cybersecurity and tech landscape. CISOs make this happen through strategic security guidance and governance.
Cybersecurity governance is tricky and unique to each situation, especially with the growing responsibilities CISOs are experiencing. Previously, CISOs focused on hardware, endpoint protection, and the perimeter. Today, CISOs are involved in software and cloud application security, and in employee training. Some CISOs have a seat on the board, while others still report to the board. This shift reflects the board’s growing awareness of the importance of information security.
Cyber threats are sometimes unavoidable, and advances in technology make being a CISO a constant battle for comprehensive security. Examples are cloud technology, artificial intelligence, and machine learning, which are integral and crucial to organizations but also complicate a CISO’s job. Scores of complex regulations complicate things further. The CISO role may need more support.
The Emergence of the Office of the CISO
Every organization is different, so each CISO's situation has different surrounding circumstances. Almost universally, though, the CISO role is growing, and this growth can be the reason why many organizations think it's time for a change in how responsibility is distributed.
One possible change is the Office of the CISO (a structure with many CISOs working together to replace the once singular CISO role). Having multiple CISOs is conducive to better awareness and understanding of how to respond to threats and protect the organization. It also helps make the organization more resilient, with a stronger ability to bounce back. The workload of the CISOs becomes more manageable, and each CISO can shine in their specialty while working together as a balanced team. An overall security lead will need to be appointed for reporting and management purposes.
How Global Organizations Have Embraced the OCISO
The Office of the CISO at AWS
AWS has an Office of the CISO that has important functions both externally and internally. The CISO at AWS, Adam Hirsch, has a team to provide support to customers and AWS teams that need security information or aid. This collaborative environment addresses many organizations’ growing cybersecurity needs and allows a CISO to extend their reach to more people who can benefit from their influence and expertise.
Since AWS has so many customers, the OCISO works to make communication between security leadership and customers smooth and clear. The OCISO makes high-level security specialists more accessible, which allows customers to feel more confident in AWS security and make better decisions regarding their cloud security posture.
Internal collaboration on security is also a focus of the OCISO. The OCISO plays a vital role in maintaining best practices and knowledge by sharing information across AWS teams. It is the place from which security information is sent to the teams within AWS. This is important for the shared bond and interdependence of the security teams and service teams at AWS. The OCISO at AWS also bridges the gap between the AWS security team and the broader Amazon.com security team, maintaining a united approach to cybersecurity.
The Office of the CISO at UCLA
Based on the sensitivity of information resources, the OCISO at UCLA defines and reviews policies, procedures, and standards when it comes to cybersecurity concerns like IT Governance, Network Security, and Risk Management. It is the central hub for UCLA IT Services, used for collaboration, guidance, and consistency across campus. Responding to security incidents and creating risk assessment strategies, the UCLA OCISO works closely to help develop and execute the UCLA IT security plan.
The Office of the CISO at Google Cloud
Google Cloud’s Office of the CISO aims to help customers navigate cloud-related cybersecurity challenges gracefully and smoothly. They make this happen through strategic security guidance. Phil Venables and Nick Godfrey founded Google Cloud’s OCISO with a mission to promote better relationships and help organizations grow technologically. Collaborating with each individual customer and pushing for cloud security innovation, they aim to make the cloud security landscape better with improved best practices and new approaches.
With OCISO leaders from diverse industries, such as Alicja Cade (financial services), MK Palmore (public sector), and Taylor Lehmann (healthcare), they are able to offer tailored solutions and connect with clients in a way that resonates with them.
Beyond Google Cloud itself, the OCISO hopes to promote and stress the impact collaboration can have on the digital ecosystem.
The OCISO and its originality of design are inspiring and will hopefully lead to a future with more cybersecurity collaboration and exploration. With this perspective, the cybersecurity world is on its way to building great trust and security.