Report explores the roles of information security leaders

22nd January 2018
Posted By : Alice Matthews

The inaugural CISO Report has been published by Synopsys, the result of a two-year data-driven study exploring the roles of information security leaders and the organisational dynamics that affect them. The Chief Information Security Officer (CISO) Report identifies four approaches to the CISO role called 'tribes', each with distinct characteristics.

The study emphasises how the four tribes differ in executing a security plan and what the tribes can learn from one another, providing insight for leaders looking to improve their security programmes and advance their careers.

"CISOs are humans too, and they sometimes worry about what they're doing, why they're doing it, and how they stack up against their peers," said Dr. Gary McGraw, Vice President of security technology at Synopsys. "Unsurprisingly, there is no universal blueprint for a CISO; but, there are common characteristics that we can use to classify and understand them in a meaningful way. We believe that when CISOs understand their own approaches with reference to others, they will be better informed about their own ways forward."

Following a methodology similar to that of the Building Security In Maturity Model (BSIMM), the CISO Report analyses data gathered over the course of two years in a series of extended in-person interviews with 25 CISOs working for some of the largest companies in the world. The report identifies and describes the four tribes below, using 18 discriminators to determine which tribe a CISO belongs to:

  • Tribe 1: Security as enabler 
  • Tribe 2: Security as technology 
  • Tribe 3: Security as compliance
  • Tribe 4: Security as a cost centre

"The CISO Report provides a simple but undeniably cogent framework to describe one of the most nuanced and challenging roles in the world," said Jim Routh, CSO of Aetna and a participant in the study. "Rather than simply measuring the merits of the individual behind the title, this study thoughtfully describes the many internal and external factors that contribute to a CISO's success. It is particularly useful for business leaders determining what type of CISO will best fit with the needs of the business at a specific point in time."
