I love meeting other InfoSec professionals at other companies as it opens my eyes to what their risk priorities are and how they educate their staff in good security behaviour, for example.
Recently I met mates in one company where they do not have a CISO per se, rather a senior manager who they report to - do you think an explicit CISO role is needed?
I would say "yes" as this person is an expert and has their team's interest at heart and takes ideas and concerns to the Senior Managers.
Also, one company had a CISO who is contracted from an external consultancy firm - should a CISO be a permanent employee?
As much as a CISO should bring knowledge, does having a contracted CISO bring potential conflicts of interest (especially if they are from a consultancy firm)?