CISOs are pulling up roots and moving to new companies at a rapid pace as demand grows for leaders with cyber and information security expertise and salaries skyrocket. Many veteran infosec professionals are also joining the CISO ranks for the first time as companies add the position to their C-suites.
Four years ago, 20 percent of CISOs had less than two years on the job, according to Gartner. Today it’s closer to 30 percent, according to analyst estimates. “You’ve also got all of these open positions where there is no CISO but there is funding, and they’re trying to hire,” says F. Christian Byrnes, Gartner managing vice president. “If there were enough people to fill those positions, it would be 50 percent.”
Short tenures put added pressure on the company and the CISO because it takes at least two years for a CISO to learn the job and be comfortable with it, Byrnes adds. CISOs have little time to formulate a course of action, make connections, establish a management style, and win over stakeholders – let alone see their plans come to fruition. Successes and failures in the first year can also affect how others buy into their security strategies going forward.