www.sdxcentral.com
2606:4700:3108::ac42:2911  Public Scan

Submitted URL: https://link.cybersecuritydive.com/click/31637329.38069/aHR0cHM6Ly93d3cuc2R4Y2VudHJhbC5jb20vYXJ0aWNsZXMvYW5hbHlzaXMvdGhlLWdyZWF0LWN...
Effective URL: https://www.sdxcentral.com/articles/analysis/the-great-ciso-resignation-why-security-leaders-are-quitting-in-droves/2023/05...
Submission: On May 30 via api from US — Scanned from DE


Text Content


Tuesday, May 30, 2023

SDxCentral

The Leading Resource on Next-Generation IT Infrastructure



THE GREAT CISO RESIGNATION: WHY SECURITY LEADERS ARE QUITTING IN DROVES

Taryn Plumb May 29, 2023 1:00 PM

With ransomware becoming increasingly commoditized and generative AI tools like
ChatGPT broadening hackers’ arsenal, organizations are increasingly under attack
in what some are calling a cyber cold war.

This places greater and greater pressure on security leaders dealing with
shrinking budgets, skeleton crew staff and a conglomeration of security tools
and protocols — so much so that they are increasingly up and quitting.

This so-called Great CISO Resignation is concerning, experts warn — because what
happens when there’s nobody guarding the gate and rallying the troops?

“The CISO is the leader of the front line of defense against threat actors,”
said Rick Crandall, chairman of the National Cybersecurity Center’s Cyber
Committee, which recently made a call to action to reverse what some are calling
the Great CISO Resignation.

“Like any organization,” said Crandall, “without a leader, important things
don’t get managed, motivated, measured and corrected.”



CISOS FACE TOO MUCH FIREFIGHTING, EXCESSIVE EXPECTATIONS

Recent research from anti data exfiltration and ransomware prevention company
BlackFog revealed that nearly a third (32%) of CISOs or IT cybersecurity leaders
in the U.S. and UK were considering leaving their current organization. Nine in
10 CISOs report being “moderately” or “tremendously” stressed, according to
another study, and average CISO tenure is just two years and two months.

The top reasons for CISO dissatisfaction, according to BlackFog: A lack of
work-life balance and too much time spent “firefighting” rather than focusing on
strategic issues. Many are struggling to keep up to date with new frameworks and
models (such as multi-factor authentication and zero trust), and others say
keeping their team’s skill levels up is a “serious challenge.”

Then there is the general lack of qualified team members to begin with. Over an
eight-year period, the number of unfilled cybersecurity jobs grew by 350%, from
one million positions in 2013 to 3.5 million in 2021. That number is expected to
hold through 2025. Organizations are increasingly under attack, and with short
staffing, their vulnerability only increases — less than one in 10 organizations
are equipped to deal with an attack from professional cybercriminals.

In fact, 100% of CISO respondents to one recent survey said they needed
additional resources to adequately cope with current IT security challenges.

But even amidst these limitations, many CISOs say they face “excessive
expectations,” per Proofpoint research. This is at the same time that
organizations are tightening cybersecurity budgets, leaving security leaders
with fewer resources to do their jobs.

“CISOs have always had a stressful job, but additional pressures are creating an
untenable situation,” Celeste Lowe, group director for IT security at Nine,
commented in the Proofpoint report. “Finding a better balance may sound
impossible, but given the 24/7 nature of the role, it’s absolutely necessary for
maintaining resilience in the face of burnout.”


INCREASING SCRUTINY, LACK OF AUTHORITY AND COLLABORATION

Additional frustrations come from a lack of collaboration with higher-ups who
expect CISOs to do more, and more quickly, with less; a lack of authority to
make changes; and difficulty getting management to focus on top challenges and
needs.

“Most CISOs would say that the cyberthreat cold war (or some might call it a hot
war) is just part of the job that they are paid to do,” said Crandall.

But that is not where stress comes from, he said, adding, “I originally thought
it was budget pressures, but that’s not it either.”

Instead, he sees it as coming from “the lack of authority to implement best
practices across the company and the lack of visibility at the top on some of
the issues that keep them up at night.”

And increasingly, the duty to report can get murky, with regulations at state
and federal levels increasing and expectations changing about what and when
cyber incidents need to be reported. Then there are high-profile cases placing
overall scrutiny on CISOs. Case in point: the high-profile conviction of Uber's
former chief security officer for his cover-up of a 2016 hack.

“The increased responsibility of the CISO has brought increased scrutiny from
regulators,” Proofpoint writes in its 2023 State of the CISO Report. “CISOs are
well aware of what this verdict and others like it could mean for them, and they
are seeking reassurance.”

Still, they don’t often get it, and some instead turn to experts offering advice
on when they should quit their jobs — including when the CISO role is not an
executive one, the security team lacks financial support or they feel
unsupported during security incidents — and how to go about exiting.


UNFILTERED COMMUNICATION WITH CISOS CRITICAL

But how to reverse this trend?

Crandall advised executive sessions where the CISO meets with the boards or
board committees charged with the oversight of cyberthreats without any
superiors present. Board members then ask penetrating questions of the CISO with
the expectation that the CISO will respond openly. These questions can
include the following:

 * “What practices or lack of practices anywhere in the company keep you up at
   night?”
 * “If you had unlimited authority, what would you have some area of the company
   do that is not being done today to protect against the top risks?”
 * In cases where a penetration is detected: “Have we disclosed the hack and its
   implications to meet regulatory, customer, and partner expectations?”

This should be done at least annually, he advised, to give board members
unfiltered information on cybersecurity matters.

“Companies and states now believe that cyberthreats are the top risk they face,”
Crandall said.

Company boards and state leaders might groan at the thought of having one more
demand on their time, he said, “but we are talking about the top risk,” so they
should give up something of lower priority to make room for such critical meetings.


LEADERSHIP MUST COME FROM THE TOP

To keep CISOs satisfied, experts advise senior managers to foster strong
relationships with them to understand challenges facing the business and the
overall security industry. Continuous skill development is also critical (for
both CISOs and their teams), as is assessment of reporting structures.

In the end, Crandall said, it takes leadership from the top. Since the whole
organization doesn’t report to the CISO, their authority must come from CEOs and
other C-suite members that are asking questions and making decisions on how to
move forward.

Of course, the CEO could decide that the CISO is asking for too much, he said,
which is fine so long as they understand the concern and make an informed
judgment based on the risk versus cost of implementing or not implementing a
CISO’s recommendation.

“In final analysis,” he said, “the buck stops at the CEO — not the CISO.”



