The CISO's Role, and Job Description, within Cybersecurity

Jonathan Trull, Chief Information Security Officer


For many students entering Regis University’s master's degree in Information Assurance, their top career goal is to one day achieve the coveted title of Chief Information Security Officer/Chief Security Officer, more commonly shortened to CISO (pronounced “SEE-So”) or CSO. The CISO is the executive responsible for information security within the organization. Not only can the CISO be extremely influential within an organization, but these top cyber security jobs often draw large salaries, including signing bonuses and nice corporate perks. In fact, the SANS Institute lists the CISO job as number 10 on its top 20 list of cool cyber security careers.

Sound appealing? Ready to sign up?  Before signing on the dotted line, there are a few things you should know.  Most importantly, it’s not a job for the fainthearted.

The New York Times recently published an article titled, “A Tough Corporate Job Asks One Question:  Can You Hack It?”  According to the article:

Chief information security officers have one of the toughest jobs in the business world:  They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones.

They must be skilled in crisis management and communications, and expert in the most sophisticated technology, though they have come to learn the hard way that even the shiniest new security mousetraps are not foolproof.

The burnout rate is high, and the average CISO only lasts two years in the job before being fired, replaced, or leaving for a more peaceful career. The most nerve-racking component of the job is that you must be right 100 percent of the time, whereas your attackers only need to get it right once. And when bad things happen, which based on current trends they inevitably will, there is usually one person to blame. Can you guess who that might be?

Speaking from experience, the CISO job is both the toughest and most rewarding job you can obtain.  Over the next several months, I will be writing a series of blog posts about landing, keeping, and thriving in the CISO role.  Until the next post, for those already in the job, my best immediate advice: develop a good sense of humor.
