
The Art and Science of Being a CISO

The Art and Science of Being a CISO (PDF, 1.67MB)

Last updated: 17 Mar, 2026

The reason organizations choose a particular CISO is fundamentally that they trust the CISO's judgement. A CISO draws on their experience, which includes domain, industry, managerial and leadership background, to develop the intuition needed to manage an organization's cybersecurity program effectively. People refer to this intuition as an art, and it usually works. Unfortunately, when it fails, it can create a massive failure. Similarly, a large part of a program's success depends on the CISO's ability to sell the program to executives and the board of directors. This ability to sell is likewise considered an art.


This presentation will define how to take the art of being a CISO and turn it into a repeatable science. This can be accomplished with the intelligent application of artificial intelligence, other mathematical tools, and data science as a whole, which can take the guesswork (aka art) out of decisions. Intuition has been reasonably successful for most programs; however, when you turn the art into a science, the resulting cybersecurity program can be both more effective and more predictable. Additionally, applying data science to the CISO position helps open up the role to more practitioners.

SANS Cybersecurity Leadership Summit 2026