 back to blog

Is a focus on tech skills for CISOs holding us back in the boardroom?

The Masked CISO
February 17, 2022
Please note that this is an automated translation. For the most accurate information, refer to the original version in English.

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.


Cyber security is a fledgeling compared to industries like risk management—Lloyd’s insurance was founded in 1688! The CISO title is even younger, first appearing around 2005. But the role has still never been clearly defined, and every CISO is working differently. 

Defining the role isn’t easy when the person hiring the CISO can be wildly different. CISOs report to CEOs, CIOs, CTOs and more, and the skills needed depend on the nature of the business and who they report to. CIOs and CTOs want a technical advisor, while CROs tend to address problems from a risk management perspective. CEOs just want the world—yesterday.

It comes as no surprise that CISOs are typically under a lot of pressure, and this leads to regular rotation of roles, and attrition within security departments. However, this could be stopped if CISOs were given more autonomy and responsibility. 

Reporting lines do not dictate power or the value of a role, but when most CISOs are still reporting to a technical leader—this limits the ability to be strategic and dilutes value. For the CISO role to be on a par with other technical leaders, we need the ability to challenge CIOs and CTOs, to ensure security isn’t bullied into accepting risk to meet the demands of agile IT projects. The way CISO roles are typically arranged today, we’d be fortunate to be in a situation where collaboration exists. And when it’s not—we are forced to accept mounting risk without the tools to address it. 


CISOs expand your skillset and gain influence

If a CISO is lucky enough to hire their own replacement—we’d create the job description, and naturally the ideal successor would tend to have a similar skillset… leaning on the technical side. While it’s essential to understand what security teams are doing, to grow the CISO’s influence—developing soft skills are essential, like stakeholder communication, business acumen and strategic planning. If not, we’ll be stuck in the SOC and kept out of the boardroom for another 20 years. 

For CISOs looking to have the most influence in their organisation, look for the following: 

  • A role requiring oversight into technical tasks without executing them—I’ve seen CISOs involved in incident management due to incorrect expectations. This is not a healthy position for an executive.
  • Understand where security fits in the business strategy—is it an essential part of the business model, or will the role be largely technical? Will you be too busy putting out fires to drive change?
  • Look at the current process chain for security and ask about maturity—does the company follow defined processes and policies, does it have a mature incident response plan? This will give you a good picture of where you’ll be spending your time.
  • Ensure you have purchasing control—you can’t solve the skills gap by throwing multiple products at an overstretched team. 


Successful CISOs must be able to update security controls, swapping old tools for solutions that reduce manual effort and prioritize actions, like AI detection and response. 

This blog was first published in The Register.

Want to learn more?

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.

Get in touch