CSO: CISOs embrace rise in prominence — with broader business authority

Chief Information Security Officer, Tim Dzierzek, discussed his role and how collaboration and teamwork is key.

Security execs are increasingly adding high-value responsibilities, expanding their skillsets, gaining deeper understanding of their business, and becoming more well-rounded leaders.

It’s a familiar refrain: As cybersecurity has become a core business priority, it is no longer a siloed operation, and the responsibilities of CISOs have grown, giving them greater prominence within the organization.

According to CSO’s 2024 Security Priorities Study, 72% of security decision-makers say their role has grown to include additional responsibilities over the past year. The top five responsibilities security leaders have taken on are: cybersecurity strategy and policy development; risk management; securing AI-enabled technology; innovation and emerging technologies; and security architecture and technology updates, according to the report.

Further, the report notes that 92% of security leader respondents have greater engagement with board of directors, up from 85% in 2023. Similarly, a recent Deloitte report finds cyber leaders have increased leadership visibility — 41% of respondents said their board addresses cyber-related issues at least once a month, while 30% are meeting weekly.

Tim Dzierzek, CISO of healthcare staffing company Aya Healthcare, agrees that there used to be the sense that “security is a technical problem, and I feel like you’re always educating executives that security is an all-encompassing process.”

Now, he says the CISO role has undergone a shift from security being a room of security professionals “looking at a lot of things,” to more focused on risk management and trust management across the organization.

“I’m definitely seeing more involvement of security in the business that you haven’t seen in the past, whether it’s data governance and now even AI governance, to really harness artificial intelligence for us and our customers,’’ Dzierzek adds.

With most companies now considered tech companies, digital transformation involves the CISO as well as the CIO, he says. While ensuring sensitive data remains compliant, the CISO has become a key advisor in how tech is used and enables companies to meet their business goals.

“So it’s a change from a backroom security function to guiding companies in a secure way,’’ Dzierzek says.

Aya Healthcare doesn’t like silos, he adds, and “I find a lot of my role is meeting up with people in the business. … There is a relationship [component] to the CISO role that wasn’t really in place in past companies.”

There’s no denying that with greater prominence and attention — not to mention constant news stories about high-profile cyberattacks — comes additional stress. Aya Healthcare’s Dzierzek says his background in the US Marine Corps has given him built-in mechanisms to cope.

This includes going for a run, taking 15-minute breaks and walking away, and in evenings doing something other than security, he says. But in the past, Dzierzek acknowledges he has “gone through bouts of being burnt out. … It’s a hard hole to break out of if you don’t have capabilities to step back and breath when security incidents happen.”

Read the full story here.