There have been volumes written about the role of the CSO and how to gain a seat at the table in the C-suite. A relatively small number of CSOs have been able to convince their management that the CISO should be under their purview, citing the inherent mission conflicts that exist when the CISO reports to the CIO. With the Board focusing an increasing amount of attention on cyber risks, any CSO that turns down the opportunity to bring the CISO function into their fold would be making a potentially fatal career error. I am in no way saying that owning the cyber component doesn’t have its share of risks, but it is far better to take on the larger role than risk being brought under the CISO, whose role may be perceived as a more critical function.
From a personal and professional growth perspective, why stop at just incorporating the cyber component? Increasingly, senior security executives have demonstrated their value, professionalism and sound judgement. Having gained the trust of senior management, an increasing number of senior security executives have been asked to dramatically expand their role.