Synopsys Publishes CISO Report; Identifies Four Distinct Approaches to the CISO Role

Two-year study explores the roles of information security leaders and how they are affected by organizational dynamics

MOUNTAIN VIEW, Calif., Jan. 17, 2018 — (PRNewswire) —   Synopsys, Inc. (Nasdaq: SNPS) today published the inaugural CISO Report, the result of a two-year data-driven study exploring the roles of information security leaders and the organizational dynamics that affect them. The Chief Information Security Officer (CISO) Report identifies four unique approaches to the CISO role called "tribes," each with distinct characteristics. The study emphasizes how the four tribes differ in executing a security plan and what the tribes can learn from one another, providing insight for leaders looking to improve their security programs and advance their careers.

"CISOs are humans too, and they sometimes worry about what they're doing, why they're doing it, and how they stack up against their peers," said Dr. Gary McGraw, vice president of security technology at Synopsys. "Unsurprisingly, there is no universal blueprint for a CISO; but, there are common characteristics that we can use to classify and understand them in a meaningful way. We believe that when CISOs understand their own approaches with reference to others, they will be better informed about their own ways forward."

Following a similar methodology as the Building Security In Maturity Model (BSIMM), the CISO Report represents an analysis of data gathered over the course of 2 years in a series of extended in-person interviews with 25 CISOs working for some of the largest companies in the world. The report identifies and describes the four tribes below using 18 discriminators to define tribe identification:

  • Tribe 1: Security as Enabler
  • Tribe 2: Security as Technology
  • Tribe 3: Security as Compliance
  • Tribe 4: Security as a Cost Center

"The CISO Report provides a simple but undeniably cogent framework to describe one of the most nuanced and challenging roles in the world," said Jim Routh, CSO of Aetna and a participant in the study. "Rather than simply measuring the merits of the individual behind the title, this study thoughtfully describes the many internal and external factors that contribute to a CISO's success. It is particularly useful for business leaders determining what type of CISO will best fit with the needs of the business at a specific point in time."

Download a complimentary copy of the CISO Report.


The CISO Report was authored by Dr. Gary McGraw along with Sammy Migues, principal scientist at Synopsys, and Dr. Brian Chess, SVP of infrastructure and security at NetSuite. The participating firms that elected to be named include ADP, Aetna, Allergan, Bank of America, Cisco, Citizens Bank, Eli Lilly, Facebook, Fannie Mae, Goldman Sachs, HSBC, Human Longevity, JPMorgan Chase, LifeLock, Morningstar, Starbucks, and U.S. Bank. Collectively, the population represents just under 150 years of experience in the CISO role.

About the Synopsys Software Integrity Platform

Synopsys offers the most comprehensive solution for building integrity—security and quality—into the software development life cycle and supply chain. The Software Integrity Platform unites leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. This portfolio enables companies to develop personalized programs for detecting and remediating defects and vulnerabilities early in the development process, minimizing risk and maximizing productivity. Synopsys, a recognized leader in application security testing (AST), is uniquely positioned to adapt and apply best practices to new technologies and trends such as IoT, DevOps, CI/CD, and the Cloud. For more information, go to

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at

Editorial Contacts:
Simone Souza
Synopsys, Inc.

Mark Van Elderen
Synopsys, Inc.


Cision View original content:

SOURCE Synopsys, Inc.

Company Name: Synopsys, Inc.
Financial data for Synopsys, Inc.

Review Article Be the first to review this article

Featured Video
Geodesign Manager for Design Workshop at Aspen, Colorado
Mechanical Engineer for Flextronics at Milpitas, California
Failure Analysis Engineer for Flextronics at Milpitas, California
Upcoming Events
2020 IIBEC Virtual Canadian Building Enclosure Symposium at 1500 Sunday Drive Suite 204 Raleigh NC - Sep 22 - 24, 2020
Digital Construction Week 2020 at Excel London United Kingdom - Oct 21 - 22, 2020
2020 Design-Build Conference & Expo! at Gaylord National Resort & Convention Center National Harbor MD - Oct 28 - 30, 2020
Kenesto: 30 day trial
Digital Cities - Countless CAD add-ons, plug-ins and more.

© 2020 Internet Business Systems, Inc.
670 Aberdeen Way, Milpitas, CA 95035
+1 (408) 882-6554 — Contact Us, or visit our other sites:
TechJobsCafe - Technical Jobs and Resumes EDACafe - Electronic Design Automation GISCafe - Geographical Information Services  MCADCafe - Mechanical Design and Engineering ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy PolicyAdvertise