Increasingly, information security is a board-level issue, says a security consultant friend. The best CISO’s seen have been bankers first, security professionals second, he says. “Without knowledge of banking, the CISO would have difficulty understanding the information they were hired to protect,” says a CISO. “We really should be pursuing MBA’s more than we should be studying computer science at this point,” one banking/security leader told me just last week. “If you understand that security is only 25% technology, 75% people, process, procedure and policy, that alone drives you to understand that.”]
Source: https://www.cuinfosecurity.com/blogs/which-comes-first-banker-or-security-professional-p-40