search menu icon-carat-right cmu-wordmark

The Top 10 Skills CISOs Need in 2024

The Top 10 Skills CISOs Need in 2024
Press Release

Pittsburgh, Pa., January 24, 2024—“The role of the chief information security officer (CISO) has never been more important to organizational success,” writes Greg Touhill, director of the CERT Division of the Software Engineering Institute at Carnegie Mellon University in an SEI Blog post released today. In the post, Touhill, who was appointed by President Barack Obama to be the first CISO of the federal government, outlines the top 10 skills CISOs need for 2024 and beyond.

“The present and near-future for CISOs will be marked by breathtaking technical advances, particularly those associated with the inclusion of artificial intelligence technologies being integrated into business functions, as well as emergent legal and regulatory challenges,” he writes. “Continued advances in generative artificial intelligence (AI) will accelerate the proliferation of deepfakes designed to erode public trust in online information and public institutions. Furthermore, these challenges will be amplified by an unstable global theater in which nefarious actors and nation states chase opportunities to exploit any potential organizational weakness.”

Touhill advises CISOs to

  • Master AI Before it Masters You—CISOs need to understand the power and potential of AI-enabled technologies well beyond the mechanics of how AI is constructed and operated.
  • Improve Communication with the Board and C-Suite—Boards of directors and their various committees are increasingly calling on CISOs to provide in-person briefings and related materials.
  • Manage Risk Using Advanced Metrics and Risk Quantification—Evidence trumps anecdotes. CISOs need to have timely, accurate, and meaningful metrics to best manage the cyber risk posture of the organization.
  • Think Beyond Enterprise IT—Too many CISOs remain fixated on the enterprise IT network as their center of gravity and need to look at their key cyber terrain through the lens of the business.

Read the complete detailed list at

The new year may shape up to be a pressure cooker environment for CISOs in which advanced skills are critical. In 2024 and beyond, CISOs will need to be adept at technical, managerial, leadership, and communications skills to help their organizations thrive in today’s complex and dynamic globally connected environment.

For more information about this topic and other topics in software engineering, cybersecurity, and artificial intelligence, visit the SEI Blog at or the Software Engineering Institute website at