any companies nominally hiring CISOs seem to neither understand nor embrace the role and give it zero BSA (budget, staff and authority). Or they use the CISO in some purely technical capacity. Still others are hiring a CISO to check off compliance with some recently cemented regulation. Such a position amounts to someone hired to "sit on the bomb" so that when security inevitably blows up, there's a fall guy. Job candidates are left twisting in the wind, overqualified for the positions that are available, and unable to find leadership positions where they can effect the real changes necessary to protect stakeholders' interests.
By Scott Berinato at CSO.
[ Read more ]