A day in the life of a CISO

So what does an average working day look like for the CISO of a mid-size or large enterprise?  I recently spoke at length with the former CISO of an organization with 15,000 staff, and around $1bn annual revenues, to get his insights into the security, compliance and operational challenges he faces on a day-to-day basis.

The first point he made was that there’s no such thing as an ‘average’ day:  there are always new, unexpected events and issues that have to be dealt with, alongside all of the CISO’s other responsibilities.  However, he said that much of the time, he tries to structure his day around a regular sequence of activities, to help him stay on top of his organization’s security challenges.  Here’s his description of a ‘day in the life of a CISO.’

Intelligence updates:  Most CISOs begin their working day with a situation report – checking on their organization’s current security status for new or emerging risks, as well as for any significant security-related headlines through trusted media sources.  This helps to identify any urgent issues or potential concerns that need investigating.  Often times, the CISO will then bring these issues into their …

Daily stand-ups:  Meetings, and a lot of them, are a mainstay of the CISO’s day.  One of the responsibilities of the CISO is to liaise across departments, so regular stand-up sessions with a range of staff, from the organization’s CIO to IT and application teams are important.  Much like an agile software development process, the focus of the stand-up meetings is ‘what’s happening, what are we working on, and what do we need to achieve today?’  Any changes to, or issues in the organization’s applications or IT infrastructure have security implications, so it’s vital for the CISO to understand all changes that are planned or in progress.

Change control:  Following the daily stand-up, there’s likely to be a change control meeting with the application and security teams looking at a specific project, such as provisioning a new application, and evaluating the changes that will be required to network connectivity, security policies and compliance.

Consulting with support services:  CISOs use a range of support, consultancy and training services, from organizations such as the Information Systems Security Association (ISSA), the Institute for Applied Network Security (IANS), and others.  They will attempt to spend some time during the week talking or meeting with these organizations to get advice, and share information and updates – but often, there’s simply no time for this because of …

Audits, audits, audits:  A huge part of the CISO role involves managing audits and regulatory compliance processes. Typically, a CISO will have a dozen or more audits on his hands at any one time – and will either be preparing for an upcoming audit, responding to requests for compliance information from external partners or clients that the organization is working with, or meeting with an external auditor.  Gathering all the documentation and providing evidence of compliance is hugely time-consuming.

Meeting with the board:  CISOs usually report to the CIO, who sits on the board. The CISO’s position is often as the interface between the ‘business’ and ‘IT’ sides of the organization, so CISOs spend a lot of time preparing for, and attending board meetings to discuss organizational risk, security and compliance.  This also means they need to be fluent in both the strategy as well as the technical issues that will enable the business to remain secure and compliant.

Expecting the unexpected:  In addition to all of these activities, the CISO’s day could easily be derailed by an unexpected event, such as a hacking attempt, data breach, malware outbreak or application outage.  When such an event occurs, the CISO will work with his security operations center (SOC) team to quickly figure out what’s going on, and which business processes are, or potentially will be affected.

Dealing with these contingencies will also likely involve urgent meetings with members of the IT and security teams, or even the PR team, the board and legal advisers, depending on the type and scale of the incident.

All of these activities certainly make for a hectic schedule, and CISOs are constantly racing against time.  But no matter what the working day throws at them, the CISOs’ constant number-one priority is to keep the company’s data and networks secure against attacks, outages and other disruptions.  And given the ever-growing number of change requests, audits, security events and more that CISOs and their teams need to handle, it’s no surprise that there’s increasing demand for security automation.   Not only to handle routine ‘keeping the lights on’ tasks within organizations, but also to strengthen their overall security posture, reduce outages, cut audit preparation time, improve compliance, and free up time for strategic business-driven initiatives.  It may even help CISOs to sit down and enjoy a cup of coffee once in a while.