Information security is a relatively recent addition or subset to IT. Most large organizations now profess to having a CISO, CSO or head of information security, many still dont. Its often the case that a company appoints its first CISO in the aftermath of a data breach – like Target did in 2014 or Sony in 2011. The InfoSec landscape has a huge skills gap, with Cisco, ISC2 and other authorities putting the shortage around 1.5 to 2 million personnel.”]

