
Management & Strategy

Why Chief Information Security Officers Need Their Own Cockpits


Back in the early “barnstorming” days of aviation, pilots flew their planes by the seat of their pants, with minimal guidance from gauges or navigation aids. Engine trouble was indicated by smoke from the engine, airspeed was monitored by the wind in the pilot’s hair and navigation was done with dead reckoning using the sun and the stars.  As airplanes got more complex, flying higher and faster, gauges and navigation got more sophisticated.  Today, pilots fly with “glass panels” and GPS, providing all the information needed to fly the plane in one place, with autopilots that almost fly the plane themselves.

Like pilots, who have the ultimate multi-tasking challenge to minimize unnecessary risks and ensure the safety of their passengers and craft, chief information security officers (CISOs) have to keep their eye on many gauges and instruments to minimize their organization’s cyber risk and protect their most treasured applications and data. Gone are the days of CISOs operating by the seat of their pants.  With the stakes high and the sophistication of attackers at unprecedented levels, CISOs need their own cockpit that includes everything they need to manage their operation.

With hundreds of third-party vendors connecting to their networks, an increasing number of employees logging in remotely, continuously evolving industry regulations, threats coming from all directions and criminals using more sophisticated tactics than ever before, a CISO’s role has shifted. CISOs can no longer approach cyber security from a purely technical standpoint, deploying one siloed solution after another and speaking only in terms of zero days and firewalls. Today’s CISOs are being held accountable by other C-level executives and boards of directors to approach cyber security from a viewpoint that those executives and directors understand: risk. According to a recent survey conducted by Osterman Research, cyber risks were the highest priority among board members compared to other risks, such as financial, legal, regulatory and competitive risks.

To overcome the latest cyber security challenges and implement a risk-based approach to cyber security, CISOs need a fully equipped cockpit. They need not only dashboards to understand the company’s current state of affairs but also the levers and switches to take action to reduce risk. They need to see threats coming from outside criminals, internal employees and third-party vendors, and marry those threats with associated vulnerabilities that may lead to a compromise of their most valued assets. They must facilitate communication between incident responders and line-of-business application owners to ensure that the most severe alerts are at the top of the priority list for investigation and that the most critical vulnerabilities within their most valued assets are patched first. CISOs must report their progress and challenges to the board of directors in a language the board can understand and present metrics that center around impact to the business.

A pilot’s cockpit includes features such as dashboards, communication controls, levers, warning lights, windshields and automation.  A CISO’s cockpit must contain the same types of tools in order to reduce cyber risk in a traceable, measurable and truthful fashion. Without one, they will be flying blind, seeing fragmented pieces of their cyber risk landscape and unable to decipher threats and vulnerabilities that truly elevate cyber risks to their most precious cargo.  
