Date: 2024-01-17

At the end of last year, I wrote that 2024 would go down as “the year of the CISO.” This affirmation wasn’t a CISO celebration. Rather, legal concerns, compliance requirements, board-level scrutiny, and continual job stress will make 2024 a challenging year for CISOs — so much so that some CISOs may simply declare “no mas” and seek out a more peaceful career path.

I’ve received a lot of feedback on this blog, much of it from CISOs who agreed with my perspective. Some asked for more data on why I came to my conclusion. While I formulated this thesis based on lots of one-on-one anecdotal conversations with CISO friends, I also reviewed some data from the Life and Times of Cybersecurity Professionals v6 research from ESG and the Information Systems Security Association (ISSA) International.

According to that research, 63% of cybersecurity professionals believe that working as a cybersecurity professional is more difficult today than it was two years ago. Similarly, 62% of CISOs shared this opinion, but there was a slight difference: nearly one-third (32%) of CISOs claimed that working as a cybersecurity professional was much more difficult than two years ago, compared with 26% of non-CISOs.

What’s making things more difficult for CISOs? The ESG/ISSA data indicates that business aspects of running a cybersecurity program like working with the board, overseeing regulatory compliance, and managing a budget are primary contributing factors. This makes sense as the CISO role has evolved from technical overseer to business executive over the past few years. At the same time, organizations have increased their dependence on IT for automation, optimization, customer service, and digital transformation.

In aggregate, the CISO role is expanding within business strategy and enablement, while it’s increasingly difficult to accomplish core tasks like managing cyber risks, detecting threats, and responding to incidents. Not quite “mission impossible,” but moving in that direction.

CISOs tend to be satisfied with their jobs

Despite the growing difficulties and job scope, most CISOs (82%) remain satisfied with their current jobs, slightly more so than non-CISO respondents (79%). Since CISOs tend to be more senior than other security professionals, they may have learned to be more proficient at managing stress, their careers, and job expectations than their non-CISO counterparts.