#219 - The Professionalization of CISOs (with Steve Zalewski & Tyson Kopczynski)

This episode explores the need for professionalization within the Chief Information Security Officer (CISO) industry. Against the backdrop of increasing personal liability faced by CISOs, as exemplified by the legal challenges faced by individuals like Joe Sullivan and Jim Brown, the discussion pivots to the formation of a professional association for CISOs. More significantly, the panelists discuss the creation of a structured accreditation process, moving beyond simple certifications to demonstrate operational and theoretical expertise, thereby establishing a clear definition of CISO competencies and responsibilities. For instance, the association aims to address the varying roles of CISOs across different organizational sizes and sectors. The development of a specialized liability insurance product, negotiated with the support of the association, is highlighted as a key benefit for members. In contrast to previous attempts at government-mandated standardization, this initiative empowers CISOs to define their profession's standards. This proactive approach aims to mitigate the risk of ill-defined regulatory requirements and establishes a framework for future growth and development within the CISO field.