To be successful, CISOs need to have a combination of technology skills and business savvy, said Bill Hancock, vice president of global security solutions at Savvis Communications Inc. in St. Louis. "If you don't know how to communicate well, you will fail as a CISO," he said.

Jennifer Bayuk, CISO at New York-based Bear, Stearns & Co. Inc., said that it's also important for security managers to be able to demonstrate the value they bring to an organization -- especially because security is often seen as a cost center offering little return on investment.

"If you can't demonstrate what you are doing, it doesn't count," she said. As a result, there is a need for security managers to be able to put auditable security practices in place, she said.

Looking ahead, Bayuk predicted that CISOs will have two distinct career paths: one will be technology-focused and will involve reporting to the CIO; the other will be more business-focused and will involve dealing with chief risk officers or executives with that kind of responsibility.