Who influences CISOs?

The influence of CISOs has never been greater. But who influences the CISO?

Who’d be a Chief Information Security Officer? You think you’ve got everything under control and then wham, another new threat emerges from left field which is even bigger and scarier than the one before.

When the world’s top security blogger, Brian Krebs, is the target of a world-record DDoS attack launched by botnets that hacked insecure Internet of Things (IoT) devices, you know that no person or organisation can remove themselves from the ever-evolving nature of cyber-warfare.

This is why CISOs seek out news and information about the latest threats, and why bloggers like Brian Krebs, news sources like Dark Reading and companies like WhiteHat Security are critical information sources for the beleaguered CISO.

In our latest report we’ve taken an in-depth look at the top 300 people, media and organisations that CISOs turn to for news, information and insight. These 300 are the ones that US CISOs pay the most attention to and, therefore, wield the greatest influence within the CISO community.

Here are the top influencers in each of the categories:

What does this table mean?

The report is divided up into the 15 categories listed above. In the ‘Technology News’ category, for example, there are 40 news sources in the top 300 and, when combined, they reach 44.4% of the CISOs in our research sample. The top technology news source is Dark Reading which, on its own, reaches 24.4% of the sample. The TRI (Target Relevancy Index) rating is a measure of how relevant the influencer’s content is specifically to the CISO’s requirements.

It should be stressed that the table above does not show the top 15 US CISO influencers, just the top influencer in each category. The top 15 – along with numbers 16-300 – can be seen in the main report and includes nine technology news feeds, one security writer, one security event, one training organisation, and three security experts.

Our findings

Dark Reading is the ‘go to’ source of security news and information for CISOs. Nearly a quarter of the sample follow Dark Reading.

There are 60 security experts in the advisor/consultant category and top of the list is Ed Skoudis, the Founder of Counter Hack and a fellow at SANS Institute. His output is followed avidly by nearly 17% of the CISO community.

Security companies feature heavily in this report. Security firms have really begun to understand that providing news and analysis from their own research is not only very useful to CISOs, but also extremely helpful when it comes to selling their products and services to CISOs. There are 45 companies that make the top 300 and WhiteHat Security is top of that list.

In a similar way, companies also understand the importance of getting their security experts out in the community and disseminating information, analysis and news. Of the 47 experts in this category that make the top 300, no one has been more successful in reaching the CISO community than Richard Bejtlich, Chief Security Strategist at FireEye.

We were a little surprised by how few technology writers appeared in the top 300. Just 20 made the cut, but the top-ranked writer, and the person ranked 2nd overall in the top 300, is Brian Krebs, who has been breaking news on security issues for many years via his blog Krebs on Security.

The mysterious ‘The Grugq’ is followed by 12% of the CISOs in our sample. His Twitter feed is a very good example of how to keep your audience interested and entertained.

We expected to see more industry analysts in the top 300 than the seven that did make it. Top of the list with a very high TRI score is Anton Chuvakin, Research VP at Gartner, who is followed by one in ten of the CISOs in our sample.

Other observations that we found interesting from this research, which was based on 1,851 US-based CISOs on Twitter, were:

  • Unlike their CIO counterparts who are very eager to follow their peers on Twitter, CISOs are not particularly interested in their peers.
  • CISOs’ commitment to their subject is unerring. Out of the ten most read tech news sources by CISOs, eight are security-orientated.
  • CISOs are very interested in the thoughts and views of security consultants and security experts working within security firms.
  • CISOs will follow an expert for that person’s particular area of expertise. For example, Ed Skoudis is renowned for his expertise on penetration testing.

And finally, it seems that, even in lighter moments, CISOs just can’t leave the security world behind. Take a look at the chart below of comedy accounts followed by CISOs. Four of the ten are security themed.

And the CISO’s favourite TV show? You guessed it…Mr Robot.

If you would like to know more about this research then email me at richard [at] apolloresearch.com.