I often hear from IANS’ CISO clients how all-encompassing and hyper-dynamic their jobs have become. CISOs stress about protecting a constantly changing business and adapting quickly enough. The CISO’s role has changed in a way that is both
extraordinary and unprecedented when compared to Sales, Legal or other corporate roles. Why?
Some of this dynamism can be attributed to pandemic disruptions. But I believe that COVID has just accelerated a larger underlying trend: the digital transformation of the economy over the last 40-plus years. Here’s some data to illustrate the point.
Back in 1975, the market capitalization of the S&P 500 basket of companies was $715 billion. Established, household names -- GM, GE, U.S. Steel, Goodyear Tire, Eastman Kodak -- made up this group.
If you segmented the market capitalization of this group by tangible vs. intangible assets, 83% of the index’s value was captured by tangible assets—stuff like factories, trucks and inventory. Only 17% was ascribed to intangible assets—stuff
like software, intellectual property and goodwill.
Fast-forwarding to 2020, the market value of S&P 500 companies has now rocketed to $31.5 trillion, and the situation has reversed. The S&P’s value is now dominated by intangibles. Why?
The answer is software and the digitalization of the economy. This figure captures the extraordinary rise of Microsoft, Oracle, Amazon, Google, Facebook and hundreds of other software-focused businesses.
But this digital transformation is not just confined to S&P 500 companies. Software is now “eating the world” and we’re seeing every aspect of businesses—marketing, sales, logistics and finance—being transformed by software
to increase agility and reduce costs.
With this shift as a backdrop, now enter the CISO—the senior-most corporate exec tasked with protecting the business’s digital assets and processes. As physical assets and processes are being replaced by their digital counterparts, the CISO
has become an increasingly strategic, and integral, corporate executive.
We’re still in the early stages of the maturation of the CISO function in most organizations, but here’s what is clear: CISOs and information security colleagues must quickly scale up to meet this challenge.
To address this, in the fall of 2020, IANS embarked on a research effort to map out the specific executive competencies in which CISOs need to excel today and going forward. We interviewed 24 infosec leaders—Roland Cloutier, Shamla Naidoo, Adam
Fletcher, Larry Trittschuh, Paul Connelly and others—around what competencies and skills allowed them to thrive in their roles and how they plan to grow. We created a competency model that is specific to infosec leaders. The result of IANS’
work is called IANS Executive Competencies.
IANS Executive Competencies found:
- Technical know-how is table stakes for CISOs. Business and leadership competencies are the differentiators in today’s market.
- Infosec leadership is represented by five personas. Tech-Focused and Compliance-Driven leaders are still needed, but cutting-edge businesses want forward-thinking, Agile leaders capable of influencing and pivoting quickly.
- Sixty percent of IANS’ assessed CISOs were rated as Business-Aligned, meaning they’ve made strides in tailoring their programs to the business, but they’re still too reactive and tactical.
Here’s my suggestion. Download the report—it’s available here. If you’re interested in taking the Executive Competencies self-assessment, reach out to us at IANS@iansresearch.com. We’re committed to helping aspiring security
leaders and CISOs reach their full potential.