The world of cyber security changes quickly. If you want to be at the top of your game as a next-generation (“next-gen” in IT-speak) CISO, consider these guidelines for building and maintaining the skills and relationships that can take you to the next level.
Ransomware and data breaches pose a massive risk to organisations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern in US corporate boardrooms, rapidly elevating the role of the chief information security officer to prominence. More than half (61%) of CISOs report to a board, and board members are increasingly interested in what CISOs have to say. But technical skills alone won’t suffice for today’s CISO. Here are the top qualities that identify a next-generation chief information security officer.
1. Displays a strategic focus
Next-generation CISOs are distinguished by their visibility and confidence. The best will frame issues from a business perspective rather than a technical or tactical viewpoint. They present themselves as visionary leaders and not as firefighters only to be deployed in the event of an emergency. They have a broadly strategic vision around cyber security and its evolving threat vectors and regulatory mandates. They are strong communicators, speaking in a language the business understands and aligning cyber security concepts to the goals and strategy of the business.
2. Balances opportunity with risk
Not all risk is bad or harmful, but unmanaged risk certainly can be. A CISO who claims that all risk is bad and must be squashed may fail to connect with associates and may hinder progressive plans. Next-gen CISOs should be enablers rather than blockers. They must help executive teams balance opportunities with risk. What is the tolerance level? Where is the line a business shouldn’t cross? These are questions CISOs must help answer. Risk is a business decision and not a security decision. While it’s the CISO who initiates the risk and reward discussion, it’s the business that must decide whether it wants to accept the risk or do something about it.
3. Allows leadership experience to shine through
Next-gen CISOs are charismatic, innovative, well-connected, and well-respected individuals across the organisation and the security industry. They never waste an opportunity to show the value information security brings to the business. They are increasingly creating reporting structures outside of IT to emphasise their independence. Next-gen CISOs regularly participate in industry events and often share their experiences across social media as well as broadcast and print media, helping to further their reputation and influence.
4. Understands the business, earns trust, and practices empathy…