Synopsys Publishes CISO Report; Identifies Four Distinct Approaches to the CISO Role
Two-year study explores the roles of information security leaders and how they are affected by organizational dynamics
MOUNTAIN VIEW, Calif., Jan. 17, 2018 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) today published the inaugural CISO Report, the result of a two-year data-driven study exploring the roles of information security leaders and the organizational dynamics that affect them. The Chief Information Security Officer (CISO) Report identifies four unique approaches to the CISO role called "tribes," each with distinct characteristics. The study emphasizes how the four tribes differ in executing a security plan and what the tribes can learn from one another, providing insight for leaders looking to improve their security programs and advance their careers.
"CISOs are humans too, and they sometimes worry about what they're doing, why they're doing it, and how they stack up against their peers," said Dr. Gary McGraw, vice president of security technology at Synopsys. "Unsurprisingly, there is no universal blueprint for a CISO; but, there are common characteristics that we can use to classify and understand them in a meaningful way. We believe that when CISOs understand their own approaches with reference to others, they will be better informed about their own ways forward."
Following a similar methodology as the Building Security In Maturity Model (BSIMM), the CISO Report represents an analysis of data gathered over the course of 2 years in a series of extended in-person interviews with 25 CISOs working for some of the largest companies in the world. The report identifies and describes the four tribes below using 18 discriminators to define tribe identification:
- Tribe 1: Security as Enabler
- Tribe 2: Security as Technology
- Tribe 3: Security as Compliance
- Tribe 4: Security as a Cost Center
"The CISO Report provides a simple but undeniably cogent framework to describe one of the most nuanced and challenging roles in the world," said Jim Routh, CSO of Aetna and a participant in the study. "Rather than simply measuring the merits of the individual behind the title, this study thoughtfully describes the many internal and external factors that contribute to a CISO's success. It is particularly useful for business leaders determining what type of CISO will best fit with the needs of the business at a specific point in time."
Download a complimentary copy of the CISO Report.
The CISO Report was authored by Dr. Gary McGraw along with Sammy Migues, principal scientist at Synopsys, and Dr. Brian Chess, SVP of infrastructure and security at NetSuite. The participating firms that elected to be named include ADP, Aetna, Allergan, Bank of America, Cisco, Citizens Bank, Eli Lilly, Facebook, Fannie Mae, Goldman Sachs, HSBC, Human Longevity, JPMorgan Chase, LifeLock, Morningstar, Starbucks, and U.S. Bank. Collectively, the population represents just under 150 years of experience in the CISO role.
About the Synopsys Software Integrity Platform
Synopsys offers the most comprehensive solution for building integrity—security and quality—into the software development life cycle and supply chain. The Software Integrity Platform unites leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. This portfolio enables companies to develop personalized programs for detecting and remediating defects and vulnerabilities early in the development process, minimizing risk and maximizing productivity. Synopsys, a recognized leader in application security testing (AST), is uniquely positioned to adapt and apply best practices to new technologies and trends such as IoT, DevOps, CI/CD, and the Cloud. For more information, go to www.synopsys.com/software.
Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.
Mark Van Elderen
SOURCE Synopsys, Inc.