Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and Copilots
    • Innovation & Leadership
    • Cybersecurity
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
  • Summit NA
  • Dynamics Communities
  • Ask Copilot
Twitter Instagram
  • Summit NA
  • Dynamics Communities
  • AI Copilot Summit NA
  • Ask Cloud Wars
Twitter LinkedIn
Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and CopilotsWelcome to the Acceleration Economy AI Index, a weekly segment where we cover the most important recent news in AI innovation, funding, and solutions in under 10 minutes. Our goal is to get you up to speed – the same speed AI innovation is taking place nowadays – and prepare you for that upcoming customer call, board meeting, or conversation with your colleague.
    • Innovation & Leadership
    • CybersecurityThe practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
    • Login / Register
Cloud Wars
    • Login / Register
Home » Prove It: Who Should the CISO Report To?
Cybersecurity

Prove It: Who Should the CISO Report To?

Prove It Roundtables
Chris HughesBy Chris HughesOctober 15, 2021Updated:April 13, 20235 Mins Read
Facebook Twitter LinkedIn Email
To adjust the volume hover the cursor over the volume bar
Share
Facebook Twitter LinkedIn Email
Acceleration Economy Cybersecurity

Welcome to Prove It – a round table approach to the Acceleration Economy in which our Analyst Network discusses, debates and defines pressing topics. John Siefert, CEO and Co-Founder of the Acceleration Economy Network kicks off the first episode focusing on the role of the Chief Information Security Officer (CISO). Analysts Bob Evans, Wayne Sadin, and Chris Hughes weigh in sharing their experience and expertise on the subject.

Highlights

00:09 – John introduces the first topic of Prove It to spark a conversation on the role of the Chief Information Security Officer as well as where this position should report.

Meet the Analysts

00:50 – Bob Evans is the Founder of Cloud Wars and Co-Found of the Acceleration Economy. He is also a Cloud and Digital Business Analyst.

01:06 – Wayne Sadin has been a CIO, CTO, and CDO for 30 years. Additionally, he is a Lead Advisor and Board Member, advising others on how to use technology better. He is a Board Strategy Analyst.

01:23 – Chris Hughes is the Co-Founder of Aquia as well as a Cyber Security Analyst. Chris brings 20 years of IT and Cybersecurity experience to the table.

Where Should the CISO Report?

01:38 – John proposes the question “Where should the CISO report?” Chris shares insights, explaining how it is dependent on the organization and the industry. Furthermore, he suggests reasoning behind reporting to the Chief Risk Officer or Chief Security Officer, as it’s essentially a subset of these roles.

2:51 – Wayne chimes in on the importance of CISOs reporting to the board of their organization. In addition, he considers the conflict that could arise from reporting to the CEO.

5:44 – Bob emphasizes Chris and Wayne’s points about the organizational structure being a determining factor. However, he further elaborates on how it is also dependent on the future needs and direction of your company of what would result in acceleration to success.

6:43 – Does your organization have a traditional structure? Is reporting to the CSO an option? What are your organization’s priorities?

7:30 – Data integrity, security, and regulatory compliance are all non-negotiable concepts. However, when business transformation and optimization occur, we have to start considering ways to incorporate cybersecurity in from the beginning.

8:42 – If there are competing priorities, who would be the third-party decision-maker to handle those scenarios? What would the qualifications be for that decision-maker?

9:51 – “It has to start with the board taking interest in security as one of the business enablers, not as an impediment to be removed as a business enabler.” If you can express in business terms what risks you’re protecting, the business can understand and accept them. Then, it’s clearer what the business opportunity is and how it’s secure.

Industry Cloud Battleground Week

10:42 – On November 15th to 19th, join us for Industry Cloud Battleground Week. More information and registration for this 5-day digital event are available here.

Internet of Things and Risk Management

11:22 – The Internet of Things has contributed to the increase of potential risks. While IoT is an incredible new development, it also opens more opportunities for additional risks. Although it’s helpful to have this tool to put data in the hands of employees, it’s essential to evaluate these business imperatives in a secure way.

12:15 – As an enabler, it’s imperative for the CISO to be able to communicate the value of security measures as well as how it occurs.

13:05 – A large percentage of business operations is risk management. Wayne defines risks as something that businesses are presented with that you must spend money on to overcome or just accept. As the CISO’s main focus is on security, it’s a collective effort to determine solutions that keep the business solvent in the short term and growing in the long term.

Looking Back & Moving Forward

15:08 – Referring to a previous conversation, Bob talks about insights from a CFO about trends where companies are elevating CFOs higher up. So, they’re assuming the roles of what is traditionally for the COO. As the CFO’s role changes, so will the role of other positions, including the CISO.

16:04 – Leaders cannot be looking back and expect to move forward. They have to be looking forward to where they’re going with the company and their strategy while considering the shifts in the marketplace.

16:43 – The analysts discuss how changing organizational structure causes disruption among businesses. Security is everyone’s job.

17:05 – Revenue is an area that organizations need to think about. A major factor in companies getting selected as vendors is how the company can execute its technology. Wayne shares an old phrase, “Information about money is as valuable as money itself.” Think about the enablers of your products that make you more valuable.

Final Thoughts on the CISO

18:15 – Ultimately, who the CISO reports to truly depends on the organizational structure. Chris drives the point that security is not the business, but an enabler in making the business successful and secure.

19:02 – As an organization, from the board down, it’s important to be talking about how the risks the company faces, how to mitigate the risks, and the opportunities that mitigation allows you to seize. Wayne says that while the CISO needs to be part of that conversation, the CEO, the board, and every decision-maker within the company also need to be involved.

20:04 – Bob shares a perspective that the CISO will present a 3-year plan to the CEO and board. Then, by proposing this plan, they would not need a CISO anymore.

20:42 – John concludes that although we are in challenging times, we are surrounded by opportunities for growth.

CISO featured Practitioner Roundtables
Share. Facebook Twitter LinkedIn Email
Analystuser

Chris Hughes

CEO and Co-Founder
Aquia

Areas of Expertise
  • Cloud
  • Cybersecurity
  • LinkedIn

Chris Hughes is a Cloud Wars Analyst focusing on the critical intersection of cloud technology and cybersecurity. As co-founder and CEO of Aquia, Chris draws on nearly 20 years of IT and cybersecurity experience across both public and private sectors, including service with the U.S. Air Force and leadership roles within FedRAMP. In addition to his work in the field, Chris is an adjunct professor in cybersecurity and actively contributes to industry groups like the Cloud Security Alliance. His expertise and certifications in cloud security for AWS and Azure help organizations navigate secure cloud migrations and transformations.

  Contact Chris Hughes ...

Related Posts

Microsoft Makes Major Push Into AI Agent Interoperability with New MCP Rollouts

May 23, 2025

Microsoft’s Latest Release Announcements Aimed at Streamlining Agentic AI, Increasing Accessibility

May 23, 2025

Microsoft and OpenAI Could Revise Partnership Terms Ahead of Potential OpenAI IPO

May 23, 2025

IBM Research Sheds New Light on AI Agents’ Impact Across Org Structures, Business Functions

May 22, 2025
Add A Comment

Leave A Reply Cancel Reply

You must be logged in to post a comment.

Recent Posts
  • Microsoft Makes Major Push Into AI Agent Interoperability with New MCP Rollouts
  • Microsoft’s Latest Release Announcements Aimed at Streamlining Agentic AI, Increasing Accessibility
  • Microsoft and OpenAI Could Revise Partnership Terms Ahead of Potential OpenAI IPO
  • IBM Research Sheds New Light on AI Agents’ Impact Across Org Structures, Business Functions
  • SAP Says Reports of Applications’ Death Are Greatly Exaggerated!

  • Ask Cloud Wars AI Agent
  • Tech Guidebooks
  • Industry Reports
  • Newsletters

Join Today

Most Popular Guidebooks

Accelerating GenAI Impact: From POC to Production Success

November 1, 2024

ExFlow from SignUp Software: Streamlining Dynamics 365 Finance & Operations and Business Central with AP Automation

September 10, 2024

Delivering on the Promise of Multicloud | How to Realize Multicloud’s Full Potential While Addressing Challenges

July 19, 2024

Zero Trust Network Access | A CISO Guidebook

February 1, 2024

Advertisement
Cloud Wars
Twitter LinkedIn
  • Home
  • About Us
  • Privacy Policy
  • Get In Touch
  • Marketing Services
  • Do not sell my information
© 2025 Cloud Wars.

Type above and press Enter to search. Press Esc to cancel.

  • Login
Forgot Password?
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.