In today’s rapidly evolving cybersecurity landscape, the role of the Chief Information Security Officer (CISO) is no longer seen as the final destination for security executives. As organizations continue to value the unique skills and experiences that CISOs bring to the table, many are looking to leverage these qualities in other executive positions within the C-Suite.
One common pivot for CISOs has been into positions such as Chief Risk Officer (CRO), Chief Information Officer (CIO), and Chief Technology Officer (CTO). With the increasing emphasis on “secure by design” principles in software engineering and technology architecture, filling CTO roles with former CISOs has become a strategic move for many organizations. While there is not yet statistical data to support this trend, anecdotal evidence suggests that companies like 20th Century Fox, Bank of America, and Fifth Third Bank have elevated their CISOs to CTO roles in recent years.
One notable example of this trend is Equifax, which appointed CISO Jamil Farshchi to a joint CTO and CISO position. Farshchi, a veteran CISO with a background in leading security transformations at various organizations, sees the transition as a natural progression given his deep engagement with technology throughout his career. His journey from CISO to CTO underscores the evolving nature of executive roles in today’s cybersecurity landscape.
Farshchi’s experience reflects a broader trend in the security and technology leadership community, where the skills and strategic thinking required for success as a CISO are increasingly seen as applicable to the role of a CTO. Bob Zukis, a cybersecurity and executive development expert, emphasizes the cross-functional expertise that CISOs bring to the table as CTO candidates. This ability to work collaboratively across different domains and departments is a key strength that can unlock new opportunities for senior leaders within an organization.
Randy Watkins, CTO of MDR provider Critical Start, echoes this sentiment, highlighting the importance of product management skills for CISOs looking to transition into a CTO role. While the learning curve may be steep, Watkins believes that the evolving product savvy of many CISOs positions them well for future leadership roles in technology.
One key benefit of appointing former CISOs as CTOs is the risk management mindset they bring to the innovation cycle. By integrating security considerations early on in the development process, organizations can build secure products and platforms from the ground up. This proactive approach to security, known as secure by design, has the potential to transform how companies approach cybersecurity in today’s digital age.
Overall, the trend of CISOs transitioning into CTO roles underscores the evolving nature of cybersecurity leadership and the growing recognition of the value that security executives bring to the broader business landscape. As organizations continue to prioritize secure and innovative technology solutions, the unique skill set of CISOs is becoming increasingly sought after in executive positions beyond traditional security roles.