'Cyber security is a dark art': The CISO as soothsayer

by   Joseph Da Silva, et al.

Commercial organisations continue to face a growing and evolving threat of data breaches and system compromises, making their cyber-security function critically important. Many organisations employ a Chief Information Security Officer (CISO) to lead such a function. We conducted in-depth, semi-structured interviews with 15 CISOs and six senior organisational leaders, between October 2019 and July 2020, as part of a wider exploration into the purpose of CISOs and cyber-security functions. In this paper, we employ broader security scholarship related to ontological security and sociological notions of identity work to provide an interpretative analysis of the CISO role in organisations. Research findings reveal that cyber security is an expert system that positions the CISO as an interpreter of something that is mystical, unknown and fearful to the uninitiated. They show how the fearful nature of cyber security contributes to it being considered an ontological threat by the organisation, while responding to that threat contributes to the organisation's overall identity. We further show how cyber security is analogous to a belief system and how one of the roles of the CISO is akin to that of a modern-day soothsayer for senior management; that this role is precarious and, at the same time, superior, leading to alienation within the organisation. Our study also highlights that the CISO identity of protector-from-threat, linked to the precarious position, motivates self-serving actions that we term `cyber sophistry'. We conclude by outlining a series of implications for both organisations and CISOs.


page 1

page 2

page 3

page 4


A systematic literature review on cyber threat hunting

Since the term "Cyber threat hunting" was introduced in 2016, there have...

Cyber security and the Leviathan

Dedicated cyber-security functions are common in commercial businesses, ...

Cyber Vaccine for Deepfake Immunity

Deepfakes pose an evolving threat to cybersecurity, which calls for the ...

"Please help share!": Security and Privacy Advice on Twitter during the 2022 Russian Invasion of Ukraine

The Russian Invasion of Ukraine in early 2022 resulted in a rapidly chan...

NATOs Mission-Critical Space Capabilities under Threat: Cybersecurity Gaps in the Military Space Asset Supply Chain

The North Atlantic Treaty Organizations (NATO) public-private Space Asse...

Teaching Information Security Management Using an Incident of Intellectual Property Leakage

Case-based learning is a powerful pedagogical method of creating dialogu...

Please sign up or login with your details

Forgot password? Click here to reset