Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?

In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.

Understanding the BISO Role:

• What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)
• When organizations need a BISO - the size, industry, and complexity indicators
• Why the BISO serves as a "force multiplier" for the security organization
• How to measure and defend BISO value during organizational change

The Career Journey:

• Evan's unconventional path from IT infrastructure to executive security leadership
• How a major cybersecurity breach became his "MBA in cybersecurity" in six months
• Why volunteering for uncomfortable work during crisis creates career opportunities
• The progression from vulnerability analyst to SOC leadership to Staff VP

The 90% Influence Principle:

• Why the BISO role is about influence, not authority
• How to navigate multiple business units with different security needs
• Mastering the "why" behind security initiatives for non-technical audiences
• Building relationships and organizational awareness over time

Executive Skills That Matter:

• The "log lines" storytelling framework from Deloitte CISO Academy
• Developing executive presence through failure and self-awareness
• When to end a meeting and start over (and why that's okay)
• Speaking plain English vs. technical jargon with business leaders

Practical Career Advice:

• Transitioning from tactical security operations to strategic leadership roles
• Why getting uncomfortable is essential for growth
• Building business acumen alongside technical expertise
• Why Evan's best security hires came from outside cybersecurity

Key Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business - in terms the business understands."

Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.

Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.

Hosted by: Steve Moore | Produced in partnership with: Exabeam