The CISO, the CSO and the Future of the Cybersecurity Organization

For many firms, it is a cultural transformation that is required, not just the implementation of some new tools.

Recent surveys continue to paint the picture of a fairly unhappy CISO community, hopping from job to job, trapped in failed and endless bottom-up games with senior executives in their attempts to justify their views of what needs to be done to protect their firm from cyberthreats.

The situation is almost presented as an unavoidable paradigm: Very few analysts question how and why the cybersecurity industry ended up in such state, or how to break out of it.

At the heart of the matter, lies the fact that, for over two decades, most firms have simply treated cybersecurity as a technical discipline

The current generation of CISOs is mostly made up of technologists by trade, background and for many, vocation. They have been pushing — bottom up — for over two decades a technology-driven, tool-driven agenda which, broadly speaking, has failed, and the acceleration of cyber threats linked to unstoppable technological and business evolutions has trapped them in the endless firefighting of cyberattacks, a painful dynamic that has prevented them from developing the leadership and…