How the figure of the CISO was born and why

Who is the CISO 

The CISO (Chief Information Security Officer) combines technological, organizational and relational skills with knowledge of the business domain and the ability to develop and manage a complex team.


The CISO is aware of the Information Security issues within the organization in which they operate, understands what its real economic interests are, effectively communicates the risks deriving from IT threats to the Management, and identifies and prepares suitable measures to mitigate them.


The CISO stays constantly up to date in order to understand new cyber threats and the new methodological and technological solutions for addressing them.


The mission of the CISO is to bring the culture of Information Security into the Organization and all of its processes, adopting suitable and sustainable techniques and tools in order to oversee the Operational Continuity of the organization itself.

How it started

The continuous growth in the number of information breaches or losses with significant or even irreparable impacts is making organizations more aware of the risks that threaten the continuity of their activities.

A correct cyber security management strategy necessarily depends on a clear and unambiguous definition of responsibilities, and the CISO (Chief Information Security Officer) is the specific profile to whom the direction of this issue within organizations should be delegated. [Cybersecurity360]

The CISO shares the vision with the organization to guide a programmatic and proactive approach to Information Security and Risk Management.

The first CISO in history

This is why, as early as 1994, Citigroup (an American financial services company, at that time No. 17 in the Fortune 500 ranking), after having suffered numerous and important attacks by Russian hackers, organized an internal unit specialized in computer security and appointed Steve Katz, the first CISO in history, as its head. (Cybercrime Magazine)

What the CISO does