Stephen Katz is the first person to take on the role of chief information security officer.

Investors need to understand how the business works too, as more cybersecurity companies enter a crowded marketplace, vying for business, venture funds or new capital from an IPO.

Katz says it's important for people to understand the responsibilities of the people who oversee cybersecurity. This way, people can be better prepared to interpret headlines and know what really matters.

Today, Katz is a go-to name in the industry. He works as a cybersecurity consultant and has a track record of supporting high-value information-sharing initiatives in finance, and more recently in health care.

The CISO role dates back to 1994, when banking giant Citigroup (then Citi Corp. Inc.) suffered a series of cyberattacks from a Russian hacker named Vladimir Levin. The bank created the world’s first formal cybersecurity executive office, and hired Steve Katz to run it.

One way to start breaking through the jargon and intrigue is to try viewing these issues through the lens of the Chief Information Security Officer (CISO), typically the top cybersecurity executive at a company.

There's so much cybersecurity news these days, from election integrity to stolen credit reports to the latest cybersecurity start-up, that sometimes it feels like you need a decoder ring to make sense of it all.

A laptop display shows part of a code that is a component of the Petya malware, according to representatives of Ukrainian cyber security firm ISSP, at the firm's office in Kiev, Ukraine, July 4, 2017.

The responsibilities of CISOs vary by industry, size of company and how the organization is regulated. Different companies structure cybersecurity in different ways, but there are many common themes.

At big companies, CISOs often oversee a team of security professionals who work for the company. Smaller firms may outsource the job to a company that provides managed services. Many do a combination of the two.

We compiled this list based on research of public, private and academic resources, job postings, and interviews with cybersecurity officers and the executives who hire them.

Security operations: This function involves real-time analysis of threats, including watching the tools that monitor a company’s firewalls, entry points, databases and other internal environments. When something goes wrong, these folks are supposed to discover and triage the problem.

Cyberrisk and cyber intelligence: Corporate boards often ask CISOs to get out ahead of new types of attacks that could be harmful, business deals that could introduce risk of a breach or new products that might weaken security.

In 2017 Verizon lopped $350 million off the buying price of Yahoo, following revelations a prior data breach had affected more people than Yahoo originally stated. That's an example of Verizon quantifying how much a cybersecurity risk costs (although the company reportedly wanted a bigger discount of up to $925 million).

When a senior official with the Office of the Director of National Intelligence told a panel in Aspen that Iranian operatives have cyber weapons poised on U.S. infrastructure, he was relying on a complex collection of cyber intelligence.

Data loss and fraud prevention: People emailing out sensitive information, or insiders stealing intellectual property when they quit, are two examples of what these professionals handle. They use tools that monitor the flow of information in an organization, to spot when large amounts of data are leaving the company.

Elon Musk said an engineer at Tesla was flagged for sending source code outside the firm; that type of problem is usually handled by this team.

Security architecture: This person builds the security backbone of a company, sometimes from the ground up, in part by deciding where, how and why firewalls are used. These pros may also make decisions like how to separate or segment certain networks. They may also rely on penetration testers or ethical hackers to test the defenses they create for the company.

If you wondered how the WannaCry or NotPetya ransomware moved so rapidly between different parts of some affected companies, that's because many companies had "flat" networks with no way to quarantine the attack between business units. A security architect could help build a more resilient network.

Identity and access management: These employees deal with credentials. When you get your username and password at a new company, they likely went through the hands of somebody in this field. These professionals maintain who has access to which tools, who gets which email addresses and how rapidly those credentials are taken away when somebody gets fired.

That last point is key and, if mishandled, can lead to a lot of data loss. In one famous case involving an engineering firm in Tennessee, an ex-employee was able to access valuable information for several years after leaving for a competitor because his credentials were never retired.

Program management: Once a company has measured its risks, gathered intelligence and mapped where its data is going, it may find some gaps. To fill those gaps, companies create projects and programs. Cybersecurity program managers don’t always have a deep technical background, but they know how to build and manage new initiatives meant to keep the company safer.

One example of a common program: patching systems on a regular basis. When program management is poorly handled, you can have missed patches -- like the one that led to the massive data breach at Equifax and cost CEO Richard Smith his job.