Historically, if security leadership existed, it typically reported into a vice president of infrastructure or similar role and was constricted to operational activity around things like access control.
These days CISOs are not only asked to report to boards, but also be on them.
