As the threat landscape grows and legislation becomes more stringent, the skills and competencies for success as a Chief Information Security Officer (CISO) also become more significant.

Our research shows that there are different CISO styles and the best match depends on the environment and level of organizational maturity the individual is asked to oversee and protect.

1.- Technical Lead

Often coming from an IT or IS background with a strong bias and passion towards the more technical and detailed aspects of cyber security. May have a long list of industry certificates and accreditations to support and underpin their experience. Focus on tools and technology as the main element to the mitigation of risk. Typically develop a solid allegiance and affinity with technical and IT/OT departments and system owners. Seen as technical experts and respected ‘geeks’ by the business. Tends to think and operate from a more conventional and conservative world view. Medium to longer term drive and momentum. Focus on ensuring systems and architectures are resilient and secure.

2.- Strategy Lead

Often coming from a commercially focused background where leading on finding and developing appropriate solutions to business related challenges or problems is critical. Sees technology as an enabler and a means to an end to get a job done. More a consumer of technology than an enthusiast. Visionary, post conventional thinker and driven style. Can visualise and work with whole systems and process’s across an enterprise. Wants to lead change and is not frightened by the challenges of doing so. A disruptor to the status quo. Sets the vision, develops the road map and the strategy to meet current and emerging challenges. Focus on ensuring the business as an ecosystem is secure. Communicates well with the executive team as ‘speaks their language’ and understands the business implications of cyber security as well as how to articulate and present this to the board to gain their support and backing. Aligns the organisation to a clear set of objectives and works with cross departmental and functional teams to implement. Audits progress and maintains progressive momentum, adaptive, open and approachable.

3.- Operational Lead

Often coming from a security focused operational role within the business and experienced in managing the day-to-day operational aspects of information and data security. Strong focus on understanding business needs underpinned by a good grasp on supporting technologies and functions such as the Security Operations Center (SoC) and/or Network Operations Center (NoC) or the IT support function. A conventional thinker with the ability to effectively blend operational and security needs in a manner that balances a pragmatic approach to sometimes competing disciplines. Most effective and motivated in a steady state BAU environment where developing day-to-day security resilience aligned to operational efficiency is paramount.

4.- Advisory

Often coming from a consultative background and taking the role of trusted advisor to the senior executive and main board. Has an in depth knowledge of the cyber risk landscape and the impact that a significant breach would or could have on the corporate infrastructure. Skilled in areas such as post breach recovery and managing the development of a cyber resilient ecosystem. Articulates and sells the need to take cyber security seriously and is respected as a credible source of advice and guidance across the enterprise. Capable of delivering both conversional and post conventional strategies and solutions to meet security needs. Sees technology as a part of the solution but understands that taking a more wholistic approach is needed to beat the cyber criminals and the evolving risks that encompasses. Effective in supporting CISO’s to achieve greater and faster progress and in challenging the status quo where needed.


Ascot Barclay Group Limited
71-75 Shelton Street, Covent Garden
London WC2H 9JQ
United Kingdom

“Mike Loginov is a commentator and presenter on the International Cyber Security Speaker Circuit and has been a judge for the SC Magazine European Cyber Security Awards... read more

© 2018 Ascotbarclay. All Rights Reserved. Created & Designed by Gekkota   |   GDPR Policy