Publisher’s Spotlight: IANS: Providing Expert Guidance to CISOs and their Teams
IANS Research has been working for the last two decades to create a way for InfoSec practitioners to collaborate in ways that are often difficult in other settings. The IANS model relies on industry experts with hands-on experience to help share exactly how they’ve solved problems in the past. While other analyst firms provide broad overviews of market participants, providing good ways to discover different solution providers, IANS has a laser focus on talking about specific solutions that have actually worked in the past.
New SEC rule changes are expected to require public companies to formally disclose the cybersecurity expertise of the board. On most boards, cyber understanding is insufficient. Recent research by The CAP Group revealed that 90% of Russell 3000 companies lack a single board director with cybersecurity expertise, illustrating a significant cyber expert supply-side gap.
“In light of the proposed SEC rule changes, boards will need to identify candidates with cybersecurity expertise, and it makes sense that they will look to CISOs to fill this gap,” said Phil Gardner, CEO of IANS Research. “However, only a small fraction of CISOs are strong candidates for boards today. IANS Research has partnered with Artico Search and The CAP Group to equip both boards and CISOs with valuable insights and recommendations to close the cyber expert supply-side gap.”
The CISOs as Board Directors, CISO Board Readiness Analysis, conducted by IANS Research in collaboration with Artico Search and The CAP Group, evaluated the qualifications of CISOs across the Russell 100 (top 1000 US public companies by market capitalization) against five key traits of credible cyber board candidates and found that less than half of Russell 1000 CISOs stand out as board candidates.
The research also revealed:
- 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap
- Only 15% of CISOs have broader traits required for board level positions, with another 33% having a subset of those necessary traits
- A mere 2% of top 1000 CISOs are board-certified
- Half of qualified CISO candidates are female or from an underrepresented group, showing companies can add diversity and cyber expertise in a single candidate
- This is especially significant given that SEC rule 5605(f) will enforce diversity by requiring boards to have a minimum of 1 female and 1 underrepresented minority
“IANS Research has been working for the last two decades to create a way for InfoSec practitioners to collaborate in ways that are often difficult in other settings. The IANS model relies on industry experts with hands-on experience to help share exactly how they’ve solved problems in the past. While other analyst firms provide broad overviews of market participants, providing good ways to discover different solution providers, IANS has a laser focus on talking about specific solutions that have actually worked in the past.
I’ve been working with IANS now as Faculty for 18 years and in that time I’ve had tens of thousands of interactions with security professionals working at every level of the ecosystem. From CISOs to brand new SOC analysts. As one of its core offerings, IANS offers one-hour Ask an Expert sessions during which a client poses a question, provides background to the problem that they’re trying to solve, and then we have an interactive discussion about different ways to approach a solution.
Sometimes we have to dig deep into the guts of a technology platform to troubleshoot problems, other times we serve more as security therapists, listening to organizational and people problems and suggesting ways to approach a human-focused resolution.
As Faculty, I love these AAE calls as I gain insights into real-world problems across the entirety of IANS customer base, which ranges from small businesses with hundreds of users to multi-national conglomerates with hundreds of thousands of employees. I have built very strong connections to the security teams within IANS customer organizations, and those serve me well when I’ve had to conduct research into some of the most-difficult security problems, such as the Microsoft Storm incident and the explosion of Large Language Models over the last year.” – Aaron Turner, IANS Research Faculty and Saas CTO, Vectra AI.
For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for making decisions and articulating risk. They provide experience-based security insights for CISOs and their teams. The core of their value comes from the IANS Faculty, a network of seasoned practitioners. They support client decisions and executive communications with Ask-an-Expert inquiries, peer community, deployment-focused reports, tools and templates, and consulting. Learn more at https://www.iansresearch.com/
About the Publisher
Gary Miliefsky, Publisher & Author. Gary Miliefsky is an internationally recognized cybersecurity expert, bestselling author and keynote speaker. He is a Founding Member of the US Department of Homeland Security, served on the National Information Security Group and served on the OVAL advisory board of MITRE responsible for the CVE Program. He founded and is the Publisher of Cyber Defense Magazine since 2012. Visit Gary online at: https://www.cyberdefensemagazine.com/