CISO MindMap 2020: What do InfoSec professionals really do?

Please note that an updated 2021 version of MindMap is available at

Most people outside the cybersecurity profession don’t fully realize and appreciate the complexity of a security professional’s job. I have been publishing and updating this MindMap for many years, not only as an effective educational tool but also to enable professionals to use it for designing and refining their security programs.

The latest version of CISO MindMap 2020 is here! COVID19 has forced every business to take unplanned actions. CISOs had to enable work-from-home in a very short period of time to keep the business operational, and in many cases that work is still ongoing. If you say “I don’t like 2020 so far”, I may actually agree with you this time! I have to admit I am missing air travel and meeting with CISOs and other cybersecurity leaders in person, although I used to complain about missing connecting flights. It was much better than getting stuck at home and staring at a computer screen all day during video conference calls!

Download PDF version of CISO MindMap 2020

What is new?

What are some new areas that need your attention in 2020? Following is the list of recommendations, keeping in mind that you need to continue and improve what you have already been doing while considering these. This list does not make any other risk-management activities less important: phishing is still there, ransomware attacks are still happening, and you still need to manage compliance needs!

  • Improve SOC analyst productivity with SOAR
  • Reduction/consolidation of tools/technologies
  • Better protection & monitoring of Cloud
  • Explore new architecture models like SASE
  • Consider zero trust, secure enclaves
  • Edge computing security
  • Include deception technologies as part of security tools
  • COVID19 and Work from Home

Some text on the MindMap is in red to show changes since the last publication in 2019.

How to use CISO MindMap?

How many times do people ask you what you really do? Although the answer could be many things depending upon the context of the question and who is asking it, sending a copy of this MindMap could help. I have heard from many professionals that this MindMap is extremely helpful in explaining the complexity of a CISO job to a business audience.

Using as a poster, derived work, or commercial use – This is copyrighted material but is made available for free to all with no strings attached as long as it is not altered and not used to make money 🙂 When using this MindMap, please cite the source properly. Any derived work or commercial use requires written permission of the author.

About Rafeeq Rehman

Consultant, Author, Researcher.