The Future of the CISO Role is at a Crossroads
Leigh McMullen
Keynote Speaker, Consigliere, Distinguished Industry Analyst and Gartner Fellow
Unlike the famous crossroads, CISOs won’t have to sell their souls for fame and fortune, but they do have a decision to make. Do we rise to a larger role encompassing all dimensions of digital defense, or mind our knitting and let someone else do that?
Do we really need a new remit?
As I argued in Digital Business Defense is More than Cybersecurity, digital is integral to the delivery of all services and capabilities at scale, and as a consequence both the opportunities and threats incumbent in digital power need to be understood at a “DNA” level by all executives.
I got a bit of push back on that piece’s implication that a new remit is needed. “We’ve been doing this for 20 years, this isn’t new” was a common refrain. Perhaps not, but we’ve passed an important tipping point.
We are in an era where even the most manual processes fail if “the computers are down”. Sure, my mechanic can do an oil change, but they can’t get paid if the system’s down. Of course, that’s been true for a while, so perhaps my critics are right, same as it ever was.
Digital transformation, though, is changing my mechanic at a more fundamental level. What was once a “low-tech”, “manual labor” business is no more. As cars become more and more multi-system computer networks on wheels, the tools necessary to maintain them have similarly become high tech, interconnected, and increasingly vulnerable.
True Story: I couldn’t get an emissions inspection the other day from that same mechanic because… “the system was down”. More than that, trying to connect my car to the inspection computer created a fault in my car’s engine management system, which then took an hour to clear. There is more than just cybersecurity threatening our digital foundations and futures.
And yes, there are a jillion different compliance, continuity and risk management roles in large enterprises. Yet, these are teams all pointed in different directions, with different leadership and different goals and metrics; and digital is where they all come together.
I harken back to the dawn of digital transformation for our path forward.
At the dawn of the digital age, we argued not for a new functional area to encompass digital, but a new umbrella role that would spearhead and steward digital transformation across the enterprise. A “Johnny Appleseed” for digital transformation, sowing the seeds of digital opportunity everywhere. And, mate, did that work (probably too well).
We also argued that that role would be temporary, that it would eventually revert back to a hybrid CIO/Business Technology remit. Which we’ve also seen happening increasingly. To solidly anchor this point: Awareness of “Digital Opportunities” is not what’s inhibiting digital transformation anymore.
Cybersecurity and digital resilience are what’s standing between us and the future.
As I said to the bosses when I asked to move to cybersecurity research, “None of this cool digital stuff works if we don’t get the cyber right… And we need a cyber-smart business person in cyber to help shape this.”
This isn’t just about increasing risk awareness at an executive level though, it’s about really bringing together the worlds of digital opportunity, digital risk, and resilience. If we don’t, we risk being the folks following “Johnny / Jillian Appleseeds” spreading manure all over their grand plans. Sure, it helps the trees grow, but nobody likes the smell.
Next up, we’ll be talking about what this role’s remit should actually be, and what we might call it. If you have opinions, please share them in the chat here or on LinkedIn.
###
This topic was heavily debated among the “Mad Scientists of Cybersecurity” cohort. Particularly, Andrew Walls and Chris Mixter really helped shape my thinking here, as did the brilliant challenges of Patrick Hevesi and Jay Heiser. This post is not a consensus position of Gartner.
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.