Different types of CISOs: “The CISO Spectrum”
After spending so much time with CISO over the past two decades, I can tell you with confidence that there are different types of CISOs. Different types of CISOs can have different approaches to cybersecurity that dictate, or at least strongly influence, the focus of their security programs.
I call this list of types of CISOs the “CISO Spectrum.” This list isn’t exhaustive; it simply contains the types of CISOs I have encountered over the past 20 years of my career:
- Type 1: The IT Director with cybersecurity responsibility. They were perhaps the most technical of all the types of CISOs I encountered, typically having had more IT expertise than cybersecurity expertise. They knew all about the IT infrastructure that they supported and were trusted members of the IT leadership team. They were assigned cybersecurity as part of their job function. They had the aptitude and the desire to learn...