Digitization of business, the involvement of disruptive technologies to perform business functions, dissolving the boundaries between usage of personal devices to business work and evolution of technologies like Artificial Intelligence (AI), Machine Learning and Deep Learning are increasing the attack vectors. The targeted attacks using the technological innovation has increased. The recent ransomware attacks have proven capability to cripple the nationwide systems. This drives the regulators to add more complex regulatory mandates.
All these are the reasons cybersecurity has become part of boardroom discussion and the Chief Information Security Officer (CISO) role has emerged.
This role has the glamor of CxO role at the same time the challenges, the pressure that needs to be handled by the CISO are ever increasing. Todays CISOs are facing many challenges.
If you are currently working in cybersecurity space and have the ambition to be in the shoes of CISO, you need to focus on enhancing following skill and if you think you have not acquired a specific skill listed below, start it now.
1. Business acumen: The new CISO role is no more traditional technology role, business is dependent on technology to survive and thrive in the highly competitive market. And now the question is not “if we get breached but when we get breached …” drives CISO to have business knowledge and the cybersecurity risks associated the business functions.The success of CISO depends on the quickness of understanding changes business environment and dealing with maintain security posture without becoming a hindrance to the business growth.
2. Building Relationships: The 2016 survey conducted by Deloitte on CISO’s strategic role reveals that more than 70% of C-suite executives do not think CISOs are part of organizations leadership teams. CISO needs to have the skill of building the relationship and getting acceptance with C suite executives. Since security is a cross-functional area, CISO needs to develop good friendly relations with other IT function stakeholders. To get acceptance of the security control and policies.Building relationship is the glue that holds together functioning of teams, partnerships and relationships. Supported by persistence and pervasiveness the CISO can be successful.
“Trust is glue of life. It is the most essential ingredient of effective communication. It is the foundational principle that holds relationships” – Stephen Covey
3. Agility and adaptability: Ever changing business requirements, complex mandated from the regulators, evolving attack techniques and dynamic attack vectors, CISO needs to be always on his toes, to identify the forthcoming changes and adapt to new situations, handle unexpected demands with confidence, and be ready to pivot at any moment.
“Intelligence is the ability to adapt to change” – Stephen Hawkins
4. Create and Inspire Security Culture: The managing and maintain security is not only security teams or technology responsibility. The weakest link in the security chain is the users of technology. CISO needs to develop the security culture, inspire, motivate and influence users to follow security policies and procedures is another important skill CISO needs to have. He should be able to inspire his team to develop security newsletters, define security awareness training programs and take help of internal or external training agencies to execute it. CISO should have the goal of creating a culture where security is always at the top of mind of all users.
5. Analyzing issues and Solving Problems: Many times security controls and policies are considered as a hindrance to the ease of business. CISO needs to be able to analyze not only the security, regulatory requirements but also needs to analyze the business impact and should have the skill to walk the tightrope to solve the problem with keeping everybody’s stake intact.
6. Drive ROI and Results: This is the mandatory skill for any c suite executive, it becomes little tricky in terms of CISO role as security expenditure is mostly considered as a cost to the organization. Providing Return on Investment (ROI) for security is a difficult task as the results of security effeteness are intangible. CISO should take help of technology partners and industry peers to provide ROI and effectiveness of the security team. CISO should also have the skill to support and get help from other business units and peers in case of the crisis situation to reduce the impact of security breaches.
7. Powerful Communication Skills: This is one of the important skill CISO needs to acquire, as the job requires to communicate and convince C suite executives either to accept the risks or get the required budget approved, get acceptance from the peers for the security controls and other monitoring reporting requirements. Manage the relationship with technology vendor and regulators. CISO should master the skill of how, when and what to communicate to each of these stakeholders. Retaining the security team is another responsibility CISO has and that needs a different level of communication skills.
“The most important thing in communication is hearing what isn’t said” – Peter Drucker
8. Innovation: Businesses changing the way they operate faster than ever, BYOD, expectations of clients to get the information from anywhere, anytime from any platform, resolving boundaries between corporate and public zones are adding lots of pressure on CISOs to keep security posture intact and comply with the regulatory requirements. CISO must innovate new ways to improve security without compromising the customer experience.
9. Change Champion: As the old saying goes, change is the only constant thing. That is very true in case cybersecurity area, changes in business, dynamic attack vector, competitive and skilled attackers, to maintain the security in the mid of all these changes, CISO must become a change champion. He should e able to drive the change in most effective and efficient way.
10. Technical Expertise: Last but not the least. As the attack vector and attacks tools are changing so the defense technologies. CISO must keep themselves updated with emerging tools and technologies to make sure how they can utilize these tools and technologies to either automate the jobs and save the cost of sacred but highly paid security resources.
- Am I ready for getting into the most demanding and challenging role of CISO?
- Which skill do I have, which needs to be enhanced and which to be acquired?
- What leadership skills do I have to become a successful CISO?