Anatomy Of A CISO: What it takes to be a security leader

Five years ago, had you even heard of Information Security?  It certainly existed back then, but not many people were talking about it, at least not in the mainstream.  

Then we started hearing about data breaches at the places where we shopped and ate, and the issue came to the forefront.  Now you just can’t have a business, let alone a Fortune 100 company, without someone heading your Information Security team.

CISOs, or Chief Information Security Officers, play a vital role in maintaining an organization’s digital security.  That means not only protecting a company’s intellectual property, but also protecting its customers.  In an age of nonstop data-breach threats, you want the best possible person heading your Information Security team.  So what does it take to be that person?

CISOs from Fortune 100 companies are almost all male (89%).  Only 85% have a Bachelor’s Degree or higher, and 40% have a Master’s Degree.  The most common degree among this group is in business, followed by Information Technology and Computer Science.

Some have degrees in things like law, behavioral science, or engineering.  They’ve attended a wide range of colleges and universities, including the United States Military Academy and George Washington University.  They hold a number of professional certifications, most commonly CISSP.

The vast majority of Information Security professionals surveyed got their start in the Information Technology sector, followed by the military and programming.

Only 8 out of 100 started in general business doing things like finance, marketing, or web communication.  There are many paths leading to Information Security, but it’s most common to stay in information security once you start there.

Perhaps what is most surprising about this group of Information Security professionals is how short a time they have been in leadership positions.  More than 60 out of 100 have only been in leadership for 1-5 years, whereas just a handful have been in a leadership position more than 15 years.  A whopping 80% of CISOs at Fortune 100 companies have only been in their current position less than 5 years.

When you consider how relatively young the internet is and how short a time there has been a need for such a position, though, this starts to make a lot more sense.

So what does a typical CISO at a Fortune 100 company look like?  They are overwhelmingly Caucasian males between the ages of 40 and 50.  They hold 3 professional certifications on average.  They have a bachelor’s degree in a business field and their primary work experience is in the IT field.

As this sector of the workforce grows, there will be many more opportunities for new talent to get in on the ground floor.  Whereas many companies haven’t had anyone dedicated to preventing cyber threats in the past, the growing number of data breaches has led to an increased need for Information Security professionals.  Learn more about the anatomy of a Fortune 100 CISO from this infographic.  You might be surprised to find out what it takes!

[Infographic: Anatomy of a CISO]