In episode 8 of our popular podcast series, CISO Talks, we spoke with a specialist IT recruiter and asked what the role of CISO entails and how to be successful.
First, a little clarification. The role of a CISO will vary dramatically depending on the size of the organization and the industry you are in. A CISO in a tier one investment bank, for example, may be under a lot more pressure than CISOs in other industries. CISOs in companies that are considered high value targets for attackers will likely be under a lot more pressure than those in low value targets.
With that being said, data security is important regardless of the size and sector of your organization. So, if you are looking to become a CISO, or simply looking to improve your CISO-related skills, here are three ways to be successful:
They Understand the Language of the Board
CISOs can only be successful if they are able to communicate effectively with the rest of the board. Having a seat at the table is indicative of a maturation in the data security market, but most other members of the C-Suite will not fully understand its importance and the role they all have to play.
Whether you are reporting on your current cybersecurity posture, requesting a bigger budget or simply explaining why data security is important, it’s unlikely the rest of the board will take notice unless you start speaking their language.
This means throwing away that InfoSec jargon and embracing more tangible concepts to relate data security to. For example, some of the successful CISOs we have spoken to have found success by relating data security to cash. This means aligning security in business terms and communicating what good and bad data security would cost the company.
They’re Good at Managing People
Similar to the first point, a CISO is going to end up having to manage relationships across numerous departments and with large teams of people – all of whom have different goals and need to be managed in different ways.
It’s incredibly important that a CISO is able to engage and manage people in such a way that commands respect. If a CISO is treated like an equal, then they will find it much easier to communicate the importance of their position and get things done.
In today’s world, management skills are seen as being of higher importance than technical ability. Even just a few years ago, CISOs were expected to have had hands-on experience inside IT or security teams. Now the role of a CISO is far more geared towards business than IT.
They Know the Risks (and How to Mitigate Them)
Good CISOs know where the gaps in their cybersecurity strategy are and how to mitigate them. If any new tool is implemented across the organization, the CISO should know about it and determine if it poses a risk to the current infrastructure. This would include ensuring that the third-party vendor was secure and compliant with any mandates the organization needs to meet.
Really successful CISOs are aware of the biggest risks to data security and how the company is addressing them or planning to address them.
If you want to know where the gaps in your data security are, schedule a data security risk assessment with Lepide.