When Ian Schneller entered the workforce in the early 1990s, cybersecurity was just emerging as a function within companies. It was a dedicated function, and where it existed at all, it served principally in a technical capacity by thwarting attacks against the organization and, to some extent, against customers. “That was really the role,” recalls Schneller, “defending against that constant onslaught of attackers, protecting the organization’s systems, information, and services…still a very, very technical role that in many cases developed from somebody working inside of it, maybe a system administrator, maybe a developer, or someone with a very technical background.”
Since then, Schneller has risen through the ranks of security operations and now serves as CISO at Health Care Service Corporation (HCSC). In 2023, he became the first CISO to win an Orbie Award in the newly created CISO category from Dallas CIO. The achievement underscores Schneller’s success in creating an innovative work environment and maintaining the integrity of sensitive information and systems across the company. As he’s risen, he has watched his field evolve. By 2017, 70% of Fortune 500 companies had employed a CISO, and the number is climbing.
Countless CISOs oversee large and sophisticated organizations that manage all the activities that make for a secure enterprise—activities that involve more than just the technical aspects of defense, the aspects that, while still vital, are “now table stakes…not the end stake. That’s the beginning, the anteing up to play the game.”
Data backs up Schneller’s view of how much the CISO role has changed. A recent Splunk survey, for example, observed that “86% of CISOs say their role has changed so much since they started, it’s almost a different job.”
Here are the five key tenets that Schneller believes CISOs need to embrace for the role as it exists today:
1. Recognize the scope of the CISO role
Recognizing how comprehensive the role is today, says Schneller, is the first tenet for becoming, or finding, a strong CISO. Early on, it was enough that CISOs protected their companies and customers, and mostly they could do so on their own. To defend the organization today, CISOs must coordinate with leaders across the enterprise and, in a sense, with every employee.