The CISO has the shortest tenure of any C-level role. Why so brief? Is it the pressure, the responsibility, the opportunities, or all of the above?



Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. Our guest is John Meakin, CISO, Equiniti.

Thanks to this week’s podcast sponsor, IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.

Got feedback? Join the conversation on LinkedIn.

On this episode of Defense in Depth, you’ll learn:

  • There’s a lot of confusion as to what a CISO needs to do. All job descriptions for CISOs are different.
  • There are humans behind the data and as a result CISOs are tasked with protecting the humans.
  • CISOs can improve their tenure if they seek out a business mentor to allow them to better support the business.
  • CISOs who aren’t able to communicate clearly will not last long.
  • It’s a CISO’s job to communicate in the language of the business, not the other way around.
  • Before the CISO ever arrives, there’s a business culture. There’s always going to be a natural push back from the business. “Why are you making us change?”
  • A simple walkabout the office can solve a lot of uncertainty.
  • If employees start asking questions about their personal security, that’s a good sign the CISO has successfully inserted security into the business culture.
  • Another huge factor that impacts CISO tenure are the increased opportunities. Regulations and privacy laws are pushing companies to get CISOs to provide much needed oversight.
  • What does the reporting structure in your organization mean in regards to the CISO being heard at the executive and board level?