
Is the role of the CISO still valid?

In the more than two decades that we have been focused on developing technology solutions for our clients, we have seen companies rely more every day on technology as a strategic area. But as technology advances, cyber threats grow at the same pace. It seems like we are playing cat and mouse, and there is still debate about who is the cat and who is the mouse. It is estimated that there are around 2,200 cyber attacks per day in the world, and that approximately 800,000 people are hacked each year. It is in this environment that we have seen the functions and role of the head of an organization's cybersecurity, the CISO (Chief Information Security Officer), develop. Its relevance is essential.

A CISO is the executive responsible for the security of an organization's information and data. Stephen Katz, who was the CISO at Citigroup in the 1990s, has since defined the responsibilities of the CISO as the following:

  • Operations security,

  • Cyber risk and cyber intelligence,

  • Security architecture,

  • Identity and access management,

  • Administration of programs to mitigate risks,

  • Forensic investigation, and

  • Governance.

In many cases this role also includes the physical security of the organization. The typical profile is a person with engineering studies and a postgraduate degree in business administration. They must also hold multiple certifications in specific cybersecurity topics.

Despite its growing relevance, according to JC Gaillard of Corix Partners, this strategic position has always suffered from problems with budget allocation, wrong lines of communication, a lack of skilled personnel and poorly trained staff, as well as a lack of importance given to it by company managers.

Now, in 2023, much has been said about how the role of the CISO has changed, and that was to be expected. It is already common to hear of data leaks affecting millions of users that also involve losses of millions of dollars. The CISO no longer only has to be aware of cyberattacks but must also prevent them, identify them and stay constantly up to date to avoid them. In addition, the CISO needs constant communication with the other managers of the organization to have a strategic vision of its needs and operations. The position is increasingly one of leadership and not just support for the different areas of the business.

The role of the CISO today must be on par with that of senior company managers. If there is no security that guarantees the safeguarding of company operations, it is almost certain that this will translate into losses of money, recognition and trust. In addition, the CISO has a key responsibility: training the people who work in the organization in cybersecurity.

In the coming years, with the evolution of AI, we are sure to see this role adapt, mutate and perhaps later split. For example, organizations will need not only cybersecurity experts but also people who specialize in the application (ethics) of AI technologies, in corporate risk management and in digital forensic analysis, to name a few.

Just as technology evolves, our response to it also changes. We need to know, diagnose and prepare the entire organization to mitigate cybersecurity risks. At CyberLat, our philosophy is prevention, and we can support you with the challenges you face as a CISO. Schedule a discovery call with us at

