Cloud Security Perspectives and Insights

The Changing Dynamics of the CISO

Greg Jensen
Sr Principal Director - Security - Cloud Business Group

We have seen it throughout history where changing geo-political demands have created opportunities to enhance the way we respond within the government itself.  As a history buff, I look often at the structure of the US military back in WW2. Many simply don’t recognize that back then, we didn’t have a US Air Force, or Coast Guard, Space Command, NASA or Cyber Command or Department of Defense.  These departments all were created after WWII ended to create focused capabilities and take the load off of the Army, Navy and Marines.

We see the same in the corporate world today.  The position of the CISO started as one where many reported directly into the CIO. Today, we see fewer than 24% reporting into the CIO, while a much larger percentage reporting into the board.  Not only that, but our data reflects many organizations are adding new roles such as the chief privacy officer (CPO) and the data protection officer (DPO) which many organizations are implementing under the EU’s GDPR.


All of this is creating very positive focus for the CISO and CIO.  Historically, the CISO has been charged with owning the privacy, risk, compliance, security conversation. Now, more than ever, this is becoming a shared-responsibility across the c-suite which is what this should be.  Sophisticated boards are realizing that a business is like our friends in the military of the past and present, and one thing is a constant. If you have ever witnessed a naval vessel underway it is inspirational the orchestration they work within. Each team doing their own function (fuel, ammunition, maintenance, aircraft, communications…etc), but one thing they all are trained to do is to be a firefighter.  Today’s boards are realizing more than ever that they have to ensure that every member of the C-suite and executive team is working in a fully orchestrated manner, but also able to step up and fight the fires of security, risk, data protection and privacy for their customers, partners and shareholders.

So how can you get the most out of your CISO?  For starters…..sit down with them over a cup of coffee. Share your business goals with them and make sure you understand theirs.  I can assure you that there is more in common than you realize.  Find out how inviting the CISO into your conversations for the planning of your next cloud service, or supply chain engagement will not only reduce the risk of these endeavors, but likely reduce the time to market for each additional project you engage in moving forward. 

CISOs are here to be business enablers as they know your staff are going to move forward with or without them so the most effective model is to work in a way to identify a safe path to accomplish these goals that meet regulatory compliance objectives, provide full visibility and audit controls and enable a rapid response to threats with automated technology. 

To learn more about how your own team can learn how to be better enabled to fight your own security and privacy fires by working closer with your own CISO, read our latest report “The Mission of the Cloud-Centric CISO”.  If you are joining us this month in San Francisco for Oracle’s OpenWorld Conference, I hope you will join me and my co-author (Brian Jensen of KPMG) of our annual report, the  Oracle and KPMG Cloud Threat Report 2019 as we dive into “The Art of Risk Aversion and Threat Mitigation in the Cloud” which will be Wednesday, September 18th at 4:45pm  Register HERE.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.