Reiß: First of all, the role of the CISO has fundamentally changed in recent years. Previously, the focus was primarily on technical aspects and operational security. Today, strategic alignment and leadership skills are key qualifications. A modern CISO must not only manage technological risks but also act as a sparring partner for management, assess business risks, and embed information security as an integral part of the corporate strategy.
From my perspective, the biggest challenges currently lie in implementing new legal requirements such as NIS2, DORA, and the Cyber Resilience Act. I describe the whole thing as a regulatory jungle that first needs to be understood. We are operating in a complex regulatory environment that must be interpreted pragmatically and implemented with the right resources. Ultimately, it’s not just about ensuring compliance, but about increasing the security level throughout the entire company to create greater resilience.
Do we have too many safety rules?
