Succeeding in the Stress-filled CISO Role

Scott Hays
Senior Director, Product Marketing
Rimini Street

The role of the Chief Information Security Officer (CISO) has evolved into a strategically critical—and stress-inducing—role. As the old saying goes, security chiefs must be right 100% of the time, while cyber-attackers seeking to create operational or financial chaos only need to be right, or lucky, once.

Digital transformation and the rapid increase in remote and hybrid workforces have expanded the threat surfaces for many, if not most, organizations. As a result, boards of directors are increasingly focused on the role of cybersecurity, elevating the role and responsibilities of CISOs.

The Register recently reported on a survey of security executives who said that securing the remote workforce is the top stressor on the job. Almost half of those surveyed said it’s impossible to stop every threat, yet that is the expectation. Adding to the stress, 43% say they’re expected to always be on call, and 40% “cite both inadequate existing security stack and insufficient SecOps staff.”

Today’s reality is that the bad guys are racing at full speed while the good guys are playing catch-up.

The CISO’s perspective

For more insight into the changing nature of the CISO role, I recently sat down with Jim Hillier, a 30-year veteran of information security who currently serves as Director and Principal Advisor, Security at Rimini Street.

Jim has served as CTO, CIO, and CISO in both the public and private sectors. He has spearheaded teams of more than 100 professionals responsible for optimizing security, technology, and business functions from daily operations to policy implementation. Through his experience, he has a deep and insightful perspective on the responsibilities and challenges of today’s security chiefs.

As Jim points out, many criminal hackers are well funded, and some are even state-sponsored organizations. Some are utilizing ransomware proceeds to fund a new business model that Jim equates to a “new mafia.”

When attacked, organizations must quickly assess everybody affected and what their state or country requires for notification and response, which in some cases may require offering ongoing credit monitoring. In addition, says Jim, CISOs should have an instant response plan ready and funding to support investigations, forensic accounting, and data preservation.

“It’s like a crime scene – evidence has to be preserved,” he adds. “At the same time, you’ve got to be up and running and keeping the business going.” Today’s CISO must know which employees and third-party providers to alert and mobilize immediately for the incident response. For example:

  • do you know who to contact at the FBI?
  • what state-level officials do you need to engage with?
  • who is your insurer and what are the details of your insurance policy?
  • how do you contact your legal counsel?

Board-level advice and consultation

CISOs must have clear insight into the board-level strategy for responding to incidents. In the case of a ransomware attack, what is the organization’s posture on paying a ransom in hopes of regaining access to data? “You don’t want to go to your board and have that conversation while you’re trying to fight the fire,” says Jim.

Many CISOs may be relatively new to their current positions and potentially scrambling to respond to an attack. According to a survey by search firm Marlin Hawk, “53% of global CISOs have been in their current role for two years or less, meaning they assumed a new position during the COVID-19 pandemic.”

Jim urges CISOs to view themselves as advisors to CIOs and boards of directors in helping them assess their risk appetite. “You can’t protect everything 100%,” he explains. “There’s a dollar figure associated with that, and that funding usually comes from the board.”

 


Scott Hays

Senior Director, Product Marketing
Rimini Street

Scott Hays is a seasoned veteran in enterprise software technology for ERP and customer experience. At Rimini Street, Hays is responsible for the go-to-market strategy, messaging, and content for end-to-end software support, products and services.

Prior to Rimini Street, Hays served as senior vice president of product marketing for Epicor, a mid-market ERP provider, and vice president of solutions marketing for Verint, a global leader in customer engagement solutions.

Earlier in his career, Hays was with Clarus Corporation as a development manager and product manager for financials, procurement, and business intelligence solutions, and was a retail buyer and systems manager with Macy’s Department Stores.

Hays holds a degree in Economics and Sociology from Stanford University.
