The Growing Adoption of the Cloud-focused CSO

Hitch Partners was built on the idea that a new wave of CISO (aka ‘CSO’) talent would flourish in this Engineering and Product-oriented cloud-based world. The CSO’s critical function has traditionally been to protect the fortress by building better IT security programs and hygiene while driving stronger compliance. The modern CSO will be protecting code residing in a public cloud architectures while leveraging techniques such as microservices and open-source container systems such as Kubernetes.  

The practice of security leaders who are deeply embedded in identifying, evaluating, and protecting Engineering and Development risks, while not disrupting product velocity, has ignited the rise of the Cloud-focused CSO.

Over the past few years, we have built a CSO candidate framework to help clients identify their needs and distinguish the best security leader match for their organization. The CSO framework can be broken down into three* main executive profiles:

  1. The Risk and Compliance CSO – A more traditionally defined security executive focused on Information Security risk and governance across an Enterprise.

  2. The Security Operator CSO – An executive security operator focused on a combination of InfoSec, AppSec, and Cloud Security responsibilities.

  3. The Cloud-Focused CSO – An Engineering and Product-oriented driver of the security programs, posture, and awareness in a pure public cloud (often cloud-first) environment.  

*Hybrid combinations of these three profiles indeed exist.

We set out to track the adoption and growth of the Cloud-focused CSO across the U.S. Our research was compiled from 30+ CSO search projects and interviews with 700 CSOs/Heads of Security. After evaluating the adoption across a geographically-dispersed set of cities and regions, it became clear that the practice and need for Cloud-focused CSO’s is spreading rapidly across the nation (and the world).

Educating oneself in Cloud-focused CSO practices and trends can be a tremendous opportunity for both prospective clients to learn more about modern security hiring trends and for current and future CISO/CSO’s to expand their experiences in order to become more indispensable in their organizations.

Is your organization getting ready to transform to a Cloud-focused CSO leader or has your organization already taken a Cloud-focused approach to Security leadership? If so, please share your thoughts on this rapidly changing landscape.

Take a look at this infographic on the rise of the Cloud-focused CSO and let us know your thoughts. We welcome comments, critiques, and questions.