
The Security World Has a CTO Problem – But Not Like You Think

After 20 years in the industry and witnessing the explosive growth of the cybersecurity sector, I can say with confidence that the world has a CTO problem. But maybe not in the way you're thinking. Major brands like Dell, AT&T, and Ascension Healthcare have all recently suffered significant cyberattacks despite their large security budgets and well-staffed teams, which shows just how pervasive this issue is.


Many CTOs are unaware of, or have never been trained on, the specifics of cybersecurity. It's a reality I've come to accept in recent years. After 15 years leading an Ethical Hacking firm and having countless conversations with CTOs from all over the world, I stand by this observation. I've seen it firsthand and I want to help.


A Chief Technology Officer is expected to be knowledgeable about all aspects of technology, not necessarily as a practitioner (though that would be ideal), but at least with an executive-level understanding. So why are some CTOs still falling short when it comes to cybersecurity, especially when cybersecurity is the one area that can halt business operations within minutes?


To put it simply, most CTOs are overwhelmed by scope creep, unrealistic expectations, and budgets that don’t match their needs.


The Overloaded CTO


Here’s a glimpse of the many areas a CTO is responsible for:


  • Governance, Risk, and Compliance

  • Business KPIs

  • Security KPIs

  • Mentoring their team

  • Training employees on operational tech and security threats

  • Managing vendors and third parties securely

  • Staying up-to-date with the latest technology advancements

  • Creating and managing policies and procedures

  • Overseeing Artificial Intelligence initiatives

  • Balancing business initiatives with a limited budget

  • Professional development across various industries and technologies

  • Cybersecurity

  • Executive management

  • Attending trade shows and educational events

  • Vetting vendor presentations and solutions


It's not exactly a "cushy" job with so many responsibilities to juggle, and it is even more challenging when done right. That brings us to the core issue: CTO overload.


The Unique Threat of Cybersecurity


CTOs are tasked with too much. Ideally, a CTO should have a support structure that includes a CISO, CSO, or at least a couple of dedicated security professionals. But the world isn’t perfect, and these responsibilities often fall on the CTO, who might not get the budget they need to do their job effectively.


So what should a CTO do in this situation? The short answer is: prioritize. Every responsibility listed above is important, but cybersecurity is the one area that can cripple a company within minutes, or at most a single day.


Cybersecurity often gets pushed to the bottom of the priority list because there isn't always an immediate, visible issue. With so many other demands, CTOs and their teams don't always get back to the security concerns they deferred. I've heard this repeatedly from CTOs in industries like Healthcare, Finance, and SaaS. It becomes a significant problem when a breach occurs through exactly the security project that was neglected.


Consequences of Neglecting Cybersecurity


The problem with such breaches is that they:


  • could have been prevented;

  • SHOULD have been prevented;

  • can cost the CTO their job and reputation;

  • are often fatal to the business (a widely repeated, though disputed, figure holds that 60% of companies that experience a breach are out of business within six months);

  • cost an average of about $4.45 million (IBM's 2023 Cost of a Data Breach figure) to remediate, recover, and bolster security measures;

  • and, above all, happen because the CTO was set up for failure.


And this all falls on the CTO. Is it fair? I'll let you decide. CTOs are generally well-compensated (with an average salary range of $230k-$390k according to salary.com). However, from my daily experience in this field, it's unrealistic to expect a CTO to deliver on every task without the necessary support system.


Support Systems for CTOs


Here’s what I wish CTOs, Executive Management, Shareholders, Board Members, and employees understood:


  • CTOs need a dedicated security team.

  • CTOs need an operational team.

  • CTOs need support from Directors.

  • CTOs need a sufficient budget.

  • CTOs need time and space to think and strategize.


Actionable Steps for CTOs


If you’re a CTO, my message to you is this: Hang in there, advocate for yourself and your team, seek out vendors or team members who can fill your knowledge gaps, and most importantly, prioritize cybersecurity in your operations.


At every product or project meeting, ask this simple question: "How and where does security fit into this plan?" That one question helps an overburdened CTO inject cybersecurity into their own and their team's daily thinking and workflows, before the design is fixed rather than after the incident.


By elevating cybersecurity within your organization, you set yourself, your company, your team, and your clients up for success. Understand why it's so crucial, and make sure the people who control your budget understand it too.


There are many more CTOs to talk to, much more education to provide, and a lot of cybercrime to prevent.


Stay Secure,


Patrick Wright

Co-Founder, CTO, CISO at STP Ventures LLC

Cybersecurity Strategist, Evangelist, and Educator
