CISO Turnover. PHOTO: Cybercrime Magazine.

24 Percent Of Fortune 500 CISOs On The Job For Just One Year

Roll call of Chief Information Security Officers at the largest U.S. companies

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Jul. 13, 2020

Turnover is rampant when it comes to chief information security officers at the largest companies in the U.S.

The average tenure for CISOs has been estimated at 18 to 26 months by various sources. By comparison, The average tenure for a CIO at the top 1,000 U.S. companies is 54 months, according to Korn Ferry.

A Cybersecurity Ventures analysis of Fortune 500 CISOs reveals the following statistics:

  • 24 percent of F500 CISOs have been in their current position for an average of 1 year.
  • 16 percent of F500 CISOs have been in their current position for an average of 2 years.
  • 13 percent of F500 CISOs have been in their current position for an average of 3 years.
  • 10 percent of F500 CISOs have been in their current position for an average of 4 years.
  • 37 percent of F500 CISOs have been with their current employer for 5 or more years (including their current CISO position and previous roles.) This does NOT mean that they have been a CISO for 5 or more years.

Why are these CISOs playing musical chairs?

Cybercrime TV: Roland Cloutier, former SVP & CSO at ADP

Now heading up security for TikTok

One reason a CISO will bolt from their corporate position is to take a job at a cybersecurity vendor because they are losing the battle against cybercrime, according to Joseph Granneman, founder at

Whether it’s because a CISO is faring poorly against cybercriminals or not is a debatable point, but numerous security head honchos at major corporations have switched over to the other side of our community — as well as to tech vendors more broadly.

Roland Cloutier, global CSO at TikTok, took that position a few months ago after logging more than 10 years at ADP, most recently as senior vice president and CSO. Given the controversy swirling around the mobile video provider, heading up security is a risky proposition for Cloutier no matter how you look at it.

Jumping ship for a vendor is hardly the only explanation for the CISO merry-go-round we are watching in 2020. In a highly competitive market such as cybersecurity, which is experiencing a talent crunch, security leaders will continuously make lateral or upward moves — presumably for better pay or just to take on new challenges.

Capital One recently hired a new CISO, Andy Ozment, the former CISO at Goldman Sachs. Ozment spent three-plus years at Goldman. Before that, he held impressive positions at 9 employers over his career — most of which lasted just 2 years or less. That’s not a knock on Ozment as much as it’s a reflection of the cybersecurity job market, which is predicted to have 3.5 million unfilled positions by 2021.

Cybercrime Magazine will be back soon with an updated count of CISO turnover based on the 2020 Fortune 500 list.

More Fortune 500 CISO Demographics

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.