We’ve been doing some research on how to talk security to the CIO. Been fascinating. Talked to two CIOs just this week and many more  last week. I’m amazed at how much security is on their radar and how much they know about it. We’ve been warned to “keep it simple, CIOs aren’t experts”… we’ve found the opposite.  Nothing superficial about it, they are living this.  Key themes:

• Security has spiked as a Board room concern (read: “I now get called in often!”)
• They still feel they don’t know what they don’t know (e.g., is there malware we just haven’t found?)
• Very risk management oriented in their approach to problems solving
• Tired of needing 30 vendors to solve the problem — looking for a strategic partner!
• (side note, for those interested in reporting lines: almost all the companies we interviewed, the CIO managed the CISO, with few exceptions)

Certainly themes we’ll be playing on as we move forward with our strategy. One of the CIOs ended by making clear how personally critical security is, she said: “It really is one of the few things that can be a job breaker.” Clear enough.