CTO vs. CIO vs. CISO

by Billy Bennett on October 14, 2016 in Business Intelligence, Cybersecurity, News, Security and Compliance, Services & Outsourcing, Technology, Web Content Management


With the technology advances in modern industry, we are seeing new and emerging roles that take on the ever-expanding factors that relate to the business needs of an organization as it pertains to technology, information, and security (and any permutation thereof). We generally have the Chief Technology Officer (CTO), the Chief Information Officer (CIO), and more recently the Chief Information Security Officer (CISO).

The CTO or Chief Technology Officer plays a crucial role within the modern organization because they are focused on the technological and scientific factors that play into an organization. Although the CTO is an executive role and a more established title, they typically report to the CIO. In some cases the CTO and CIO are on an even plane where the CIO focuses on IT, and the CTO focuses on more core organizational and supporting technologies, but this is not normally the case. The CTO typically focuses their efforts on more long-term issues and new technology integration, but will have a profound knowledge in their specific area with a working knowledge of the regulatory requirements that are proprietary to their organization. This is why the CTO will many times represent an organization when facing customers or even presenting a business case to company executives.

The CIO typically works on the business management side of the organization and is more internally and operationally focused with their tasks. The CIO is crucial for IT resource management, especially when it comes to policy development, standard operating procedure development, practice development, training, resourcing, budgeting, and planning during a system or project development life cycle (SDLC or PDLC).

With the ever-increasing security risks we face as we continue to stuff our precious information into publicly accessible cloud services, a new role has become prominent. This role is the CISO or Chief Information Security Officer. This position rose like a phoenix from the ashes of such security breaches as the Target breach of 2014, when 40 million credit card details and 70 million customer details were stolen by hackers, resulting in the resignation of Target's CIO. The CISO was brought into the modern organization to monitor and analyze potential security risks for the organization. Many times the CISO will work in the same “silo” as the Chief Security Officer (CSO, not previously covered) and will typically report to the CEO. There are some cases where the CISO reports to the CIO, but with some debate the two entities are normally kept in different “silos” (…and by silo, I mean office. Silo just gives a vision of separation. If you’re looking into this position, you almost definitely will not be working in a silo). The CISO wasn’t really created to remove security concerns from the CIO’s role, but it was definitely created to increase the amount of IT risk mitigation within the organization.

With all of that being said, you can see the value of each position and how they each play a crucial role within a modern organization. The CTO takes on new technologies, keeping the organization’s competitive edge; the CIO takes on operational IT requirements that keep the organization running; and the CISO takes on the ever-increasing security risks an organization faces as it embarks on new ways to store its precious data and information. It’s also likely that new positions will rise from the ashes of some unfortunate organizational failure in the future, but as one great television show used to say, “You take the good, you take the bad, you take them both and there you have the facts of life, the facts of life.” (The Facts of Life, TV Series 1979-1988)