
They Said a CISO Does What?


The cybersecurity industry has had challenges with bringing in new blood and facilitating career growth. Misinformation has unfortunately played a part in making various roles appear unattainable, when we should be doing the opposite. We should be embracing flexibility, identifying opportunities, and most of all discussing realistic expectations and roles.

Who writes this stuff? 

I stumbled upon an article titled “Know more about colleges, jobs, and courses to become a CISO” where they outline the role and qualifications of a CISO.

According to this misguided article, the qualifications for a Chief Information Security Officer (CISO) apparently include:

 “Understanding of SMTP, DNS, HTTP, Network routing, VPN, and other technologies”

Nope, you have confused us with network engineers/architects.  We know what these protocols, languages, tools, and architectures are, but likely would not be qualified to design, configure, troubleshoot, or readily determine the specifics if someone is abusing them.  That is why we leverage highly specialized technical experts for configuration and comprehensive inspection.

 

“Understanding of Digital Millennium Copyright Act, trademark, intellectual property, Safe Harbor Provisions, GDPR, and other federal and international legal precedents…” 

You have mistaken us for our close partners, the lawyers and privacy experts. Each of these areas requires a high degree of expertise. Even a small error can become a big legal problem. CISOs know these areas but are not the experts. Again, we partner with others.

 

“Ability to read and analyze multiple log formats”

I don’t know of a single CISO who spends their days analyzing logs.  That is a SOC level 1 or level 2 function.  Important, but the CISO’s time is not well spent on log analysis!

 

Also, as a kicker, the author has signed us CISOs up to make “a framework for risk-free and scalable operations”. Risk FREE. Wow, good luck with that. The proper function of a CISO is to manage risks to an acceptable level. We cannot eliminate all risk. Even if it were technically possible, which it is not, it would be infeasible due to extreme cost and added friction for users.

 

I call all this out because misinformation is harming our industry by setting inaccurate expectations.  We must clean up job descriptions and clarify the actual roles and responsibilities of positions. 

 



 

Thanks for watching and reading! I put out a new video about every week on various cybersecurity topics, risks, ideas, events, and best practices. If you like these cybersecurity videos and are interested in more cybersecurity insights, rants, and strategic viewpoints, please click the Like button and Subscribe to the Cybersecurity Insights channel.

CISO and Cybersecurity Strategist
