The Role of CISO

Build the business skills to be a successful CISO

For many cybersecurity professionals, the ultimate career goal is to land a chief information security officer (CISO) job. A CISO is an executive-level position responsible for cyber risk management and operations. But cybersecurity is transforming. Today, a good CISO also must have strong communication skills and a deep understanding of the business. To gain the necessary experience to be considered for a CISO job, you need to understand how the role is evolving and the skills required to excel.

Long before I became a Security Advisor at Microsoft, I started my career as an IT System Administrator. Over time I learned security and worked my way up to CISO and, have served as a CISO in a variety of companies and industries. I’ve mentored several people interested in accelerating their careers in cybersecurity, and one of the biggest mistakes that you can make in your career in IT and Security is ignoring businesspeople. The more you advance, the more you will need to understand and work with the business. In this blog, I’ll provide tips for helping you get more comfortable in that role.

From technologist and guardian to strategist and advisor

As organizations digitize their products, services, and operations to take advantage of the cloud, their ability to effectively leverage technology has become integral to their success. It has also created more opportunities for cybercriminals. Companies of all sizes have been forced to pay fines, suffered reputational harm, and expended significant resources recovering from an attack. A cyber incident isn’t just a technology risk; it’s a business risk. When making decisions, boards and executive teams now need to evaluate the likelihood of a data breach in addition to financial loss or operational risks. A good CISO helps them do this.

According to research by Deloitte, there are four facets of a CISO: the technologist, the guardian, the strategist, and the advisor. You are probably already familiar with the technologist and guardian roles. As a technologist, the CISO is responsible for guiding the deployment and management of security technology and standards. In the guardian role, the CISO monitors and adjusts programs and controls to continuously improve security.

But technical controls and standards will not eliminate cyberattacks and the CISO does not have control over all the decisions that increase the likelihood of a breach. Therefore the roles of strategist and advisor have taken on greater importance. As a strategist, the CISO needs to align security with business strategy to determine how security investments can bring value to the organization. As an advisor, the CISO helps business owners and the executive team understand cybersecurity risks so that they can make informed decisions. To excel at these roles, it’s important to get knowledgeable about the business, understand risk management, and improve your communication skills.

Cybersecurity leadership
Cybersecurity leadership

Acquiring the skills to become a good strategist and advisor

If you are already in the cybersecurity profession and interested in growing into a CISO role, you are probably most comfortable with the technologist and guardian roles. You can elevate your technical skills by trying to get experience and certifications in a variety of areas, so that you understand threat analysis, threat hunting, compliance, ethical hacking, and system auditing, but also find time to work on the following leadership skills.

  • Understand the business: The most important step you can take to prepare yourself for an executive-level role is to learn to think like a businessperson. Who are your customers? What are the big opportunities and challenges in your industry? What makes your company unique? What are its weaknesses? What business strategies drive your organization? Pay attention to corporate communications and annual reports to discover what leadership prioritizes and why they have made certain decisions. Read articles about your industry to get a broader perspective about the business environment and how your company fits in. This research will help you make smarter decisions about how to allocate limited resources to protect company assets. It will also help you frame your arguments in a way the business can hear. For example, if you want to convince your organization to upgrade the firewall, they will be more convinced if you can explain how a security incident will affect the company’s relationship with customers or investors.
  • Learn risk management: Smart companies routinely take strategic risks to advance their goals. Businesses seize opportunities to launch new products or acquire a competitor that will make them more valuable in the market. But these decisions can result in failure or huge losses. They can also put the company at risk of a cyberattack.Risk management is a discipline that seeks to understand the upsides and downsides of action and eliminate or mitigate risks if possible. By comparing the likelihood of various options, the return on investment if the venture is successful, and the potential loss if it fails, managers can make informed decisions. CISOs help identify and quantify the cybersecurity risks that should be considered alongside financial and operational risks.
  • Improve your communication skills: To be a good advisor and strategist, you will need to communicate effectively with people with a variety of agendas and backgrounds. One day you’ll need to coach a very technical member of your team, the next you may need to participate in a business decision at the executive level or even be asked to present to the board of directors.A communication plan can help you refine your messages for your audience. To begin practicing these skills now, try to understand the goals of the people you talk to on a regular basis. What are their obstacles? Can you frame security communications in terms that will help them overcome those challenges? Take a moment to put yourself in someone else’s shoes before meetings, hallway conversations, emails, and chats. It can make a real difference!

A good communication plan delivers targeted security messages:A chart showing a good communication plan.
In recent years, the role of the CISOs has been elevated to a senior executive that the board counts on for strategic security advice. In fact, we should rename the position, Chief Influencer Security Officer! Building leadership skills like risk management and communication will help you step into this increasingly important role.

As you embark on the career journey of CISO, it is always good to get a perspective from other CISOs in the Industry and lessons they have learned.   Please feel free to listen to the podcast on my journey from System Administrator to CISO and watch our CISO spotlight episodes where our Microsoft CISO talks about how to present to the board of directors along with other tips and lessons learned.

To learn more about Microsoft Security solutions visit their website.

To read more Cybersecurity leadership articles , click here 

Cybersecurity Leadership Demystified
Cybersecurity Leadership Demystified

To buy from Amazon : Click here

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Comodo Leadership - CISO

Joining Comodo as CISO (Great news for me 2021)

Joining Comodo Cybersecurity as CISO I am really happy to announce that I will be a part of the Comodo family. I am... read more
What is Zero Trust Network

Zero Trust Network Security

Zero Trust Network Security If you remember later 90's early 2000's everything was based on "default allow" , which was abused ... read more
Google

What Google knows about you

What Google knows about you A good friend of mine Gary Duffuiled a MCLC, from the UK has shared a very... read more
A CISOs End to End Security Operations

A CISOs End to End Security Operations (all in 1)

A CISOs End to End Security Operations In this article you will learn what a CISO does daily: Leading auditing and compliance... read more
CISO Workshop​ empower yourself

CISO Workshop​ empower yourself -Soon 4 FREE

CISO Workshop​ empower yourself I am proud to announce that I will be working with the Microsoft Security team to deliver... read more
OpenEDR Fundamentals

Free EDR Certification Training

Free EDR Certification Training Endpoint detection and response or EDR solution is an endpoint security solution that monitors end-user devices... read more
Cybersecurity Regulations

New Cybersecurity Regulations 2 follow

New Cybersecurity Regulations New Cybersecurity Regulations Are Coming. Here’s How to Prepare. Credit : HBR , by Stuart Madnick read it directly... read more
All I Want for Christmas Is Ransomware

All I Want for Christmas Is Ransomware – Great Tips 2 learn

All I Want for Christmas Is Ransomware It has become an annual occurrence. Every year, pre-Thanksgiving up to the Christmas period, organizations... read more
Cyber Sentinel Award 2020 Global

Cyber Sentinel Award 2020 Global

Global Cyber Sentinel Award winner Dr Erdal Ozkaya Great way to close the year and an honor to be given “Cyber... read more
Future of AI in Cyber Security Dr erdal Ozkaya

Future of AI in Cyber Security Free Video 2020

Future of AI in Cyber Security amidst COVID 19 | Discussion Panel Watch here : https://youtu.be/E-iuf6w3f0w   DR. ERDAL OZKAYA - Managing Director/ Head... read more