These CISOs explain why they got fired

Sometimes the chief security officer becomes the fall guy.

Today’s Chief Information Security Officer (CISO) leads an increasingly precarious life. Since the emergence of the job title in the late 1990s, the CISO job has become more complex - and demanding - by the day.

Whereas once this was a technical job focused largely on fixing firewalls and patching vulnerabilities, today’s security chiefs are expected to do this and a whole lot more. They’re charged with juggling the day-to-day operations of their security team with meeting board expectations while also staying abreast of an ever-evolving threat landscape and regular regulatory changes.

As a result, it could be argued that the CISO job is a poisoned chalice: the job is well-paid, respected and increasingly available to people of all backgrounds (thanks to the well-publicized InfoSec skills shortage), and yet the average job can last 18 months or less. A CISO could be dismissed for any number of things, from a breach or missed vulnerability to failing to align security operations with the board’s business goals.

One former head of InfoSec spoke of the challenge facing security heads in thriving - and even surviving - in their job.

“CISOs have an incredibly difficult job in that they are responsible for something they can never provide 100 percent assurance on, i.e. securing the enterprise. All it takes is one missed vulnerability, one insider or one accidental "insecure" process.

“They are invaluable when they fully understand this and can properly manage the associated expectations. The problem is that this requires not only the complete understanding of how to properly manage short- and long-term projects, completing at scale and against budget, but also the technical knowledge and security understanding to ensure the right priorities are being addressed.  

“The role is almost a unicorn - technical, but with people skills. Executive-level, but with project management capabilities. Laser-focused prioritization but with broad overview knowledge and understanding.”

Given this, and the constant speculation over how CISOs come to be dismissed, CSO Online interviewed three fired CISOs, a firing CIO and a host of other InfoSec experts to find out why CISOs get fired, where they end up...and how others reading this can avoid the same fate.
