Chief Information Security Officer (CISO) Overview and Background

of one

CISO - Insights

Seven resources that CISOs at Fortune 500 companies turn to for industry knowledge and help are (1) conferences (in general) that they routinely attend in order to find much-needed talent, (2) the Global CISO Executive Summit, (3) the CISO Forum, (4) the CISO Minute podcast, (5) the Information Security Forum, (6) the Cybersecurity Collaborative, and (7) the Chief Information Security Officer Leadership Forum.

Resources That Fortune 500 CISOs Turn to For Industry Knowledge & Help

1. Constantly Attending Conferences to Find Much-Needed Talent

  • In an interview, Fortune 500 U.S. Bancorp's CISO, Jason Witty, stated: "For us [CISOs], for example, we’re always attending conferences on purpose, looking for talent. We’re very specific about which conferences we want to go to. We are always looking for people and interviewing people even though we don’t have positions open, or even when we don’t have positions open."
  • Jason Witty described the talent shortage in cybersecurity as "one of the biggest problems all CISOs have."

2. Global CISO Executive Summit

  • The Global CISO Executive Summit is a conference that Fortune 500 CISOs frequent, as is demonstrated by the fact that several chairs of the summit are CISOs at Fortune 500 companies.

3. CISO Forum

  • "SecurityWeek’s . . . CISO Forum presented by Intel" is a conference frequented by Fortune 500 CISOs, as featured attendees include CISOs at Fortune 500 companies.

4. CISO Minute Podcast

  • The CISO Minute podcast is a resource that Fortune 500 CISOs turn to for industry knowledge and help.
  • The following description is provided about the podcast: "Every Monday morning, we bring advice and insights to Fortune 500 and Global 2000 chief information security officers."

5. Information Security Forum

  • The Information Security Forum is an organization that helps Fortune 500 CISOs (among others).
  • Many of the Information Security Forum's members are Fortune 500 companies.
  • The organization describes itself as "the leading authority on cyber, information security and risk management [that provides] practical tools and guidance [to] address current topics and . . . overcome the wide-ranging security challenges that impact . . . business today."

6. Cybersecurity Collaborative

  • The "Cybersecurity Collaborative [is] a peer council platform for Chief Information Security Officers (CISOs) and other senior-level security executives."
  • Participation in the Collaborative is exclusively limited to members.
  • The CISO Corporate Membership Leadership Council for the Cybersecurity Collaborative includes multiple CISOs from Fortune 500 companies.
  • The Chairman provided the following statement about the Collaborative's mission: "We must harness the combined insights, expertise, and best practices across the Fortune 500 CISO community to truly achieve maximum security readiness."
  • The Cybersecurity Collaborative also provides the following resources to members: "[A]ccess to a confidential member-only portal for peer networking and collaboration; daily security report and critical updates; CISO-led SWAT teams and peer task forces; and a content library with a searchable database of proven policies and guides written by the foremost authorities and practitioners." Furthermore, regional meetings are held for both prospective and current members.

7. Chief Information Security Officer Leadership Forum

  • The Chief Information Security Officer Leadership Forum is a conference that Fortune 500 CISOs frequent for industry knowledge and help.
  • The Chief Information Security Officer Leadership Forum is part of the Argyle Executive Forum.

Research Strategy

We identified insights about resources that Fortune 500 CISOs turn to for industry knowledge and help by first looking for conferences/events that those executives attend. We found those events through general searches for such and in lists of the top events for CISOs. For each conference/event we found, we specifically reviewed information about who leads and attends, in order to ensure that such conference/event is truly one frequented by Fortune 500 CISOs specifically. In order to provide resources outside of conferences/events, we looked for magazines, podcasts, and other types of media that Fortune 500 CISOs use. While we weren't able to find information to definitively support whether Fortune 500 CISOs specifically read various publications, we were able to find a podcast that is listened to by that audience segment. Lastly, we also reviewed the transcript of an interview with a Fortune 500 CISO who shed light on where Fortune 500 CISOs turn to for help with recruiting.