"The most transformational job in the corporate world right now isn’t glamorous, certainly isn’t easy, and at times is even a little thankless. It’s a job where little can go right and a lot can go catastrophically wrong. If that isn’t enough, it’s probably the hottest seat in corporate America today.

The job I am talking about is that of the chief information security officer (CISO). And, if I were rising through the ranks of an enterprise IT department, CISO is the job I would seek out to make my mark."

That's the beginning to  Usman Choudhary's superb post on the transformational potential of the CIO.

Now, I follow news impacting technology leadership very closely - beyond intrinsic interest, being absolutely on top of emerging trends is something I owe to my CIO and CISO resume clients.

So it's great to see an article that is at once this positive and this realistic about what the CISO can deliver as organizations evolve, and begin to give cybersecurity both the respect and the investment required in today's rapidly evolving threat landscape.

Because we all realize that the CISO can have a thankless job. Too often, the CISO can be seen either as "Dr. No" or as a convenient scapegoat when things go wrong.

The CISO Can No Longer Afford to be "Dr. No."
The CISO Can No Longer Afford to be "Dr. No."

But that doesn't mitigate the value - and the capacity to contribute to long term strategy - that a strong CISO can bring. Security, like IT a few years ago - is being recognized as a key business driver, not a cost center.

That's important. Because one of the only ways to really ensure a solid security posture is for everyone to recognized that security makes their jobs easier. Not harder.

Mr. Choudhary makes a number of great points. But the one that resonates most strongly with me the need for the CISO to take responsibility for defining their role - and educating the rest of the executive team when that's necessary.

Because while other executives may know that security is critical, they may not recognize the details . So the CISO's ability to communicate value without going into excessive technical detail will be a key differentiator among the security leaders who are seen as strategic partners - and those who may still be seen as a roadblock to doing business.

That's absolutely critical for getting the job done. Because if the CISO is seen as "Dr. No," his or her ideas will be discounted - often completely unconsciously. But if the CISO is a respected peer, than the likelihood of broad executive and stakeholder support for security initiatives grows exponentially.

And that's good for everyone - and is critical for CISO career growth.

Comment