{"title":"Understanding the chief information security officer: Qualifications and responsibilities for cybersecurity leadership","authors":"Christopher A. Ramezan","doi":"10.1016/j.cose.2025.104363","DOIUrl":null,"url":null,"abstract":"<div><div>As cyberattacks on businesses and critical infrastructure grow in sophistication and frequency, the Chief Information Security Officer (CISO) has become a pivotal role in organizations, tasked with leading cybersecurity programs and reducing risks to organizational assets. Given the importance of the position, this study seeks to expand on the sparse literature on the role of the CISO and provide insights on current position requirements and responsibilities to guide and inform higher education cybersecurity management programs as well as aspiring cybersecurity leaders. To better understand this critical role, this study uses a combination of natural language processing methods and manual information extraction to provide an in-depth dive into the responsibilities and requirements of the role through a comprehensive analysis of 250 CISO job postings listed across 27 nations. The results of the analysis showed that nearly 99 % of positions required prior professional experience, with 10 years being the most common experience requirement. Employers highly valued bachelor's or master's degrees in STEM or business fields, vendor-neutral certifications like the Certified Information Systems Security Manager (CISSP) or Certified Information Security Manager (CISM), strong communication skills, and knowledge of regulatory frameworks and cybersecurity standards. In contrast, technical expertise in cybersecurity platforms, programming skills, and security clearance were less frequently required, as were travel commitments. Current CISO responsibilities and requirements also emphasize the strategic and business-facing nature of the role, with an emphasis on strategic & management-level tasks, rather than tactical, technical tasks. Higher education programs seeking to train the next generation of cybersecurity leaders, as well as information technology, cybersecurity, or management professionals aspiring to obtain a CISO position should note the role requirements currently in demand by industry, as well as the strategic and management-focused tasks commonly assigned to the role and prepare accordingly.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"152 ","pages":"Article 104363"},"PeriodicalIF":5.4000,"publicationDate":"2025-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000525","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
As cyberattacks on businesses and critical infrastructure grow in sophistication and frequency, the Chief Information Security Officer (CISO) has become a pivotal role in organizations, tasked with leading cybersecurity programs and reducing risks to organizational assets. Given the importance of the position, this study seeks to expand on the sparse literature on the role of the CISO and provide insights on current position requirements and responsibilities to guide and inform higher education cybersecurity management programs as well as aspiring cybersecurity leaders. To better understand this critical role, this study uses a combination of natural language processing methods and manual information extraction to provide an in-depth dive into the responsibilities and requirements of the role through a comprehensive analysis of 250 CISO job postings listed across 27 nations. The results of the analysis showed that nearly 99 % of positions required prior professional experience, with 10 years being the most common experience requirement. Employers highly valued bachelor's or master's degrees in STEM or business fields, vendor-neutral certifications like the Certified Information Systems Security Manager (CISSP) or Certified Information Security Manager (CISM), strong communication skills, and knowledge of regulatory frameworks and cybersecurity standards. In contrast, technical expertise in cybersecurity platforms, programming skills, and security clearance were less frequently required, as were travel commitments. Current CISO responsibilities and requirements also emphasize the strategic and business-facing nature of the role, with an emphasis on strategic & management-level tasks, rather than tactical, technical tasks. Higher education programs seeking to train the next generation of cybersecurity leaders, as well as information technology, cybersecurity, or management professionals aspiring to obtain a CISO position should note the role requirements currently in demand by industry, as well as the strategic and management-focused tasks commonly assigned to the role and prepare accordingly.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
