- CISOs with graduate degrees in science, technology, engineering and math (STEM) outnumber those with an advanced degree in business administration or management for the first time this year, according to a Marlin Hawk report published on Tuesday.
- More than 3 in 5 CISOs at large enterprises have earned a STEM advanced degree, a 15-percentage-point increase from 2021. CISOs with higher degrees in STEM subjects or business administration were evenly split in 2021 at 46%.
- As the number of CISOs with more technical education backgrounds grew in 2022, those with graduate degrees in business administration or management dipped to 36% overall, according to Marlin Hawk’s annual survey of CISOs. Marlin Hawk based its findings on a survey of 470 CISOs at enterprises with at least 10,000 employees.
The demands and complex threat landscape CISOs operate in placed a higher value on technical studies and backgrounds in 2022.
The material risk of a breach, nation-state attack or ransomware is more palpable across the governance structure of enterprises, said James Larkin, managing partner of performance and growth at Marlin Hawk, a global executive search and leadership advisory firm.
This places a greater demand on enterprise leaders to hire CISOs who are “technical enough to understand the gaps in the architecture that might exist within the digital domain, such that these attacks can occur,” he said.
“There’s generally a sense that we shouldn’t take the risk, so to speak, on this hire,” Larkin said.
This increased focus on technical prowess underscores the evolving responsibilities CISOs are taking on – expanding their remit to include areas such as engineering, business risk, operational resiliency, product design and security and technology architecture.
“Rather than just defending what we have, I think there will be more of a skew towards preparing for what we want to have or what we want to build,” Larkin said. “And making sure that the CISO is in that discussion as well.”
Organizational defense, of course, remains the core role for CISOs.
“You shouldn’t have the CISO title if you’re not actively defending your organization,” Yonesy Núñez, CISO at Jack Henry Associates, said in the report.
Beyond that, very few CISO roles are alike, making it one of the least consistent C-suite roles and one that continues to gain importance.
CISOs have earned greater influence over infrastructure and technology components, Shamoun Siddiqui, CISO at Neiman Marcus Group, told Marlin Hawk for the report.
“Such an integration of cybersecurity and infrastructure resolves the single biggest point of contention that has historically existed between the two silos of information security and infrastructure,” Siddiqui said.