Step aside CISOs, because we are homing in on your more targeted and tactical counterparts: BISOs.
BISOs, or business information security officers, across industries are tasked with making sure their business’ cybersecurity strategy is well-communicated throughout their organization and aligned with its operations.
The function, which is commonly regarded as a liaison between security and business teams, is a relatively new concept within the industry. Joe Carson, chief security scientist and advisory CISO at Delinea, told IT Brew the role of a BISO is one that has transformed within the last 10 to 15 years and is becoming increasingly “critical” within large organizations.
“Security is a fundamental part of the business today and no longer just an IT problem,” Carson said.
IT Brew caught up with current and former BISOs to discuss how they think the role will evolve within the next year.
The remarks below have been edited for length and clarity.
Robert Woodward, BISO at Blackbaud: I’m hoping to see the role broaden a bit. What I bumped into across two organizations now is two very different BISO models and two different levels of understanding of what a BISO actually does. We kind of joke in my current organization that a lot of folks see us as the easy button and we’re not, but we do connect a lot of the dots. I think we’re well-positioned to do that and to offload some of that from the CISO, so hopefully there’s a greater understanding of the role.
Olutoyosi Ajayi, BISO at the Central Bank of Nigeria: Over the next decade, or maybe by the next year, the focus on security will be there, but we will also be integrating security with business processes, seeing how we can drive a culture of security, and making the business understand that it’s security first. We also need to make people understand why security policies and processes need to be in place because at the end of the day, it’s the confidentiality, integrity, and availability of the information we’re trying to protect.
Patrica DiGiacomo, BISO at Kenvue: When I started this role, it really was about being able to be that bridge between our cyber organization and the business. As we now look towards 2025, one of the things I’m finding is that it’s not so much just being that bridge anymore, but it’s also really going to be about embedding cyber into the business. What do I mean by that? That’s really going to be thinking about how we could influence our business partners to start to really consume our policies…and really understand their risk.
Nicole Dove, head of security for Riot Games and former WarnerMedia BISO: One key thing I’m seeing is that the BISOs are being leveraged more heavily to drive and create a security culture. Keeping your workforce educated, letting them understand what threats are, educating them on what’s an incident, how to report an incident, and leveling up from an authentication perspective. So, while we are looking at like the evolving sexy pieces of cybersecurity, BISOs are still very much reminding people that we have to focus on the core foundations because that’s where everybody gets caught up.