Most CISOs last 13 months in their job, or so I was told a decade ago. I’ve since seen as high as 18 months and as low as 11 months, but regardless of the actual length of time, I think we can all agree that any career with a short lifespan on achieving the leadership position of an entire department is extremely wasteful! The reason is simple: we aren’t aligned with the business. What it takes to get to the CISO seat is not what’s needed when sitting in it.
I did a presentation at DEEP, my company’s conference, titled “How to Keep Your Job for More Than 13 Months,” focused on my own experiences and on discussions I had with several of my peers. For transparency, as I’m sure you can tell from LinkedIn, I have held four hybrid CISO/CSO positions and they lasted seven years, eight months, twenty-two months and now 29 months. My average tenure is roughly 35 months or just shy of 3 years. In my case, I chose to move on. However, the implication in most of these cases is that moving on is involuntary, and that’s wasteful too.