Back in the early days of networking, many companies assigned all of the responsibilities to anyone who showed any aptitude towards operating a computer. In many companies, this was an accountant or someone else who also managed sensitive financial information. The assumption was that the person managing the corporate books was the most trustworthy person in the organization. This is perhaps true of finance, but as you can imagine, not only were the networks poorly managed, but the security consisted of whatever the software manufacturer put into place.

As computer science evolved not only as a discipline but also as a career, more companies recognized the need for more qualified individuals to manage the machines. Along with the evolution of computing, security slowly emerged. However, it creeped along with the same approach as the early networking days, that is, it was trusted to the network administrators. Fortunately, the position of security engineers and analysts became more commonplace, eventually rising to the level of Chief Information Officers and Chief Information Security Officers.

The early CISOs were often little more than figureheads in many companies. In many cases, the CISO title was added on to the responsibilities of the Chief Operations Officer or the Chief Administrative Officer. This was mainly because cybersecurity was still not taken seriously. As more and more companies fell victim to attacks, government regulations started to include the CISO as a vital component of a full cybersecurity program. Not only did the CISO role become codified in law, but the entire role of the CISO also started to shift.

A CISO in the Modern World

One way that the CISO role has changed is through the increased existence of a remote workforce. This expansion of the network perimeter has increased the complexity of security management. Part of the (Read more...)