What Questions Are CISOs Asking? Part 3

September 9, 2021 | By IANS Research

Mounting cybersecurity threats from sophisticated attackers only add to the scrutiny security teams receive from executives as the information security function continues to play a more pivotal role in the livelihood of the business. It's vital for security leaders to have reliable resources to turn to for advice when they need it most. For IANS clients, our Ask-An-Expert service is that on-demand, trusted resource, helping CISOs whenever they need it.

In the third of our CISO Questions series, we share questions CISOs asked of our team of 80-plus Faculty under the categories of executive communications and team structure and resource allocation.

CISO Question Categories

Questions About Communicating InfoSec to Executives 

Among the most popular category of questions CISOs ask our Faculty are those related to executive communication. Here is a collection of inquiries from that arena: 

  • Asking for advice on what concepts to incorporate in a security-focused executive training program for the company's leadership. Specifically, what areas of security are relevant to general leadership and what tools should be included?
  • Speaking with the Faculty on how to compile and present a risk-focused summary to an executive committee on IT security and infrastructure, including how to incorporate a cybersecurity risk scorecard, CIS top 20 controls, pen-test results and a table-top exercise for incident response.
  • Learning how to protect against ransomware and how to detect a threat actor before reporting to the board and executives about the ransomware protection enhancements. In addition, garnering an understanding of how other companies are preparing as well.
  • Calling for advice on how to convince leadership of the need for automation in IAM when everything is done manually and executives don't seem interested in change.

InfoSec Team Structure and Resource Allocation Questions

Common questions received in the team structure and human capital space are indicative of the challenge, and importance, security leaders place on the areas of talent acquisition and management. Here is a sampling of the team structure and hiring questions received by our Faculty:

  • Gaining a better understanding of how the structure of the information security function is evolving in financial institutions, and how the team can create a path for getting the CISO reporting to the CEO within 5 years.
  • Looking for advice on the structure of security teams for cloud, specifically, which roles should own what functions and what should be the overall responsibilities of the team?
  • Searching for help building a strategy around talent acquisition, development and retention, and cultural change management, from developing talent pipelines and addressing pay gaps to refining the interview process to find a cultural fit.
  • Garnering insights into DevSecOps teams for small government agencies, specifically, hiring the person with the right skills and learning about different models and embedded security resources.

InfoSec Resources for CISOs

Each of the examples above represent actual Ask-An-Expert requests from our clients to our team of hands-on security practitioners. The flagship service allows CISOs and their teams to pose an unlimited number of questions for our experts when they need it most.

Regardless of an organization's maturity level or industry, our Faculty can provide deep domain-level expertise to assist teams at any point in a security project.

Get in touch with IANS to learn more about how you and your security team can benefit from an Ask-An-Expert engagement.


Find additional resources from our security practitioners.


Learn how IANS can help you and your security team.