Cybersecurity, Emerging Issues in Security

What Does it Take to be a CISO?

Because our society is teeming with technological innovation and prowess, the role of the Chief Information Security Officer (CISO) is becoming increasingly important for businesses globally. What does it take to work at the executive level in cybersecurity? To determine this, Varonis analyzed data from the CISOs of Fortune 100 companies.

CISO stands addressing team at board meeting

monkeybusinessimages / iStock / Getty Images Plus / Getty Images

It is important to first understand what CISOs do. They are responsible for creating and maintaining an information security plan. They work proactively to reduce threats by collaborating across multiple departments, conducting trainings, and keeping the company in regulatory compliance. If these tasks were left incomplete, the business would be subject to a data breach or other security attack. This could lead to serious repercussions, such as leaking confidential employee or company information.

Some examples of famous cyberattacks and data breaches include eBay in 2014 and Yahoo in 2016. All of eBay’s 145 million users’ password-protected information was exposed after hackers had access to the company network for 229 days. Even worse, 500 million users’ personal information was compromised during the Yahoo data breach.

In previous decades, most if not all vital company information was documented physically. Do you remember in older movies or television shows how the main character breaks into the building in order to steal an important file from a locked filing cabinet? Popular culture reflects our shift to technology dependence, as protagonists and antagonists now hack into the computer system and download the file.

However, the way that the media portrays digital hacking is generally inaccurate. Contrary to common belief, it is typically a process that is time-consuming and complicated. Despite hacking being a slow process, your company could still be at risk without the work of the CISO.

Naturally, CISOs are proficient in information technology (IT). Yet they also possess softer skills that complement their tangible, technical knowledge. Communication and teamwork are essential to their job role. It’s crucial that they are able to convey complex information in a way that other executives and employees can understand. Teamwork is also fundamental, as CISOs work with other departments within the business to develop cohesive information security measures.

Because CISOs contribute such a unique blend of talents to the workplace, Varonis wanted to learn more about their educational backgrounds. After researching CISOs from top companies, it found that over half (56%) of them earned Bachelor of Science degrees. Nearly one-fifth of the CISOs who received a graduate degree earned a Master of Business Administration, with Master of Science degrees coming in just under that at 16%. Furthermore, Management Information Systems (MIS) was the most common field of study. Engineering, business, and computer sciences all nearly tied as the second most common.

In addition to CISO education patterns, Varonis also analyzed their common endorsements on LinkedIn. It found that information security, of course, had the highest endorsement rate at 35%. It is closely followed by security and, subsequently, leadership and information security management trailing in third and fourth.

Are you interested in becoming a CISO or learning more? Check out the infographic from Varonis that contains the detailed results of its study on CISOs. Read through to the end for advice from Fortune 100 CISOs.


Rob SobersRob Sobers is a Sr. Director at cybersecurity firm Varonis. He has been writing and designing software for over 20 years and is co-author of the book Learn Ruby the Hard Way, which has been used by millions of students to learn the Ruby programming language. Prior to joining Varonis in 2011, Rob held a variety of roles in engineering, design, and professional services.

For more information on Varonis, check out the following links: