How does a CISO measure success?

In this continuation of the previous episode, Dr. Eric Cole sheds light on how to measure security with realistic metrics. Questions to consider when applying for a CISO position include: Why is it unfortunate for a CISO to work under the CIO? How can that limit the CISO's reach? Why should a CISO branch out after working under the CIO?

Watch this episode to determine how you can measure success as a world-class CISO.

In this episode:

  • 0:30 – You're only competing against yourself
  • 4:30 – IT reports directly to the executives
  • 5:00 – What is a clear metric to measure IT?
  • 5:30 – Cybersecurity is broader than IT
  • 6:30 – Is the CISO under the CIO?
  • 8:30 – You are a limited CISO if you're reporting to the CIO
  • 10:00 – Who briefs the board quarterly on cybersecurity?
  • 12:00 – Reporting to the CIO as CISO should be short-lived
  • 13:00 – Staying buried under the CIO will limit your potential
  • 16:00 – Be clear in your job description about what you will be doing
  • 17:00 – Many companies struggle with what a CISO does
  • 17:30 – Company regulations and customers are demanding CISOs
  • 19:00 – Breaches are inevitable
  • 20:00 – What is the goal of cybersecurity?
  • 25:00 – Having 5 breaches a year is the reality of the situation
  • 27:00 – Eliminating breaches as quickly as possible is the goal
  • 28:00 – Why is security broken in companies today?
  • 30:00 – Come up with realistic metrics to measure security