Build the business skills to be a successful CISO

The Role of CISO

Build the business skills to be a successful CISO

For many cybersecurity professionals, the ultimate career goal is to land a chief information security officer (CISO) job. A CISO is an executive-level position responsible for cyber risk management and operations. But cybersecurity is transforming. Today, a good CISO also must have strong communication skills and a deep understanding of the business. To gain the necessary experience to be considered for a CISO job, you need to understand how the role is evolving and the skills required to excel.

Long before I became a Security Advisor at Microsoft, I started my career as an IT System Administrator. Over time I learned security and worked my way up to CISO and, have served as a CISO in a variety of companies and industries. I’ve mentored several people interested in accelerating their careers in cybersecurity, and one of the biggest mistakes that you can make in your career in IT and Security is ignoring businesspeople. The more you advance, the more you will need to understand and work with the business. In this blog, I’ll provide tips for helping you get more comfortable in that role.

From technologist and guardian to strategist and advisor

As organizations digitize their products, services, and operations to take advantage of the cloud, their ability to effectively leverage technology has become integral to their success. It has also created more opportunities for cybercriminals. Companies of all sizes have been forced to pay fines, suffered reputational harm, and expended significant resources recovering from an attack. A cyber incident isn’t just a technology risk; it’s a business risk. When making decisions, boards and executive teams now need to evaluate the likelihood of a data breach in addition to financial loss or operational risks. A good CISO helps them do this.

According to research by Deloitte, there are four facets of a CISO: the technologist, the guardian, the strategist, and the advisor. You are probably already familiar with the technologist and guardian roles. As a technologist, the CISO is responsible for guiding the deployment and management of security technology and standards. In the guardian role, the CISO monitors and adjusts programs and controls to continuously improve security.

But technical controls and standards will not eliminate cyberattacks and the CISO does not have control over all the decisions that increase the likelihood of a breach. Therefore the roles of strategist and advisor have taken on greater importance. As a strategist, the CISO needs to align security with business strategy to determine how security investments can bring value to the organization. As an advisor, the CISO helps business owners and the executive team understand cybersecurity risks so that they can make informed decisions. To excel at these roles, it’s important to get knowledgeable about the business, understand risk management, and improve your communication skills.

Cybersecurity leadership
Cybersecurity leadership

Acquiring the skills to become a good strategist and advisor

If you are already in the cybersecurity profession and interested in growing into a CISO role, you are probably most comfortable with the technologist and guardian roles. You can elevate your technical skills by trying to get experience and certifications in a variety of areas, so that you understand threat analysis, threat hunting, compliance, ethical hacking, and system auditing, but also find time to work on the following leadership skills.

  • Understand the business: The most important step you can take to prepare yourself for an executive-level role is to learn to think like a businessperson. Who are your customers? What are the big opportunities and challenges in your industry? What makes your company unique? What are its weaknesses? What business strategies drive your organization? Pay attention to corporate communications and annual reports to discover what leadership prioritizes and why they have made certain decisions. Read articles about your industry to get a broader perspective about the business environment and how your company fits in. This research will help you make smarter decisions about how to allocate limited resources to protect company assets. It will also help you frame your arguments in a way the business can hear. For example, if you want to convince your organization to upgrade the firewall, they will be more convinced if you can explain how a security incident will affect the company’s relationship with customers or investors.
  • Learn risk management: Smart companies routinely take strategic risks to advance their goals. Businesses seize opportunities to launch new products or acquire a competitor that will make them more valuable in the market. But these decisions can result in failure or huge losses. They can also put the company at risk of a cyberattack.Risk management is a discipline that seeks to understand the upsides and downsides of action and eliminate or mitigate risks if possible. By comparing the likelihood of various options, the return on investment if the venture is successful, and the potential loss if it fails, managers can make informed decisions. CISOs help identify and quantify the cybersecurity risks that should be considered alongside financial and operational risks.
  • Improve your communication skills: To be a good advisor and strategist, you will need to communicate effectively with people with a variety of agendas and backgrounds. One day you’ll need to coach a very technical member of your team, the next you may need to participate in a business decision at the executive level or even be asked to present to the board of directors.A communication plan can help you refine your messages for your audience. To begin practicing these skills now, try to understand the goals of the people you talk to on a regular basis. What are their obstacles? Can you frame security communications in terms that will help them overcome those challenges? Take a moment to put yourself in someone else’s shoes before meetings, hallway conversations, emails, and chats. It can make a real difference!

A good communication plan delivers targeted security messages:A chart showing a good communication plan.
In recent years, the role of the CISOs has been elevated to a senior executive that the board counts on for strategic security advice. In fact, we should rename the position, Chief Influencer Security Officer! Building leadership skills like risk management and communication will help you step into this increasingly important role.

As you embark on the career journey of CISO, it is always good to get a perspective from other CISOs in the Industry and lessons they have learned.   Please feel free to listen to the podcast on my journey from System Administrator to CISO and watch our CISO spotlight episodes where our Microsoft CISO talks about how to present to the board of directors along with other tips and lessons learned.

To learn more about Microsoft Security solutions visit their website.

To read more Cybersecurity leadership articles , click here 

Cybersecurity Leadership Demystified
Cybersecurity Leadership Demystified

To buy from Amazon : Click here

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

CISO Magazine Cybersecurity Excellence Awards

CISO Magazine Cybersecurity Excellence Awards – 2019

CISO Magazine Cybersecurity Excellence Awards I am pleased to announce that I have been nominated by EC-Council 's  CISO MAG to be part of the... read more
Hiring

Hiring Presales Consultant in India !Don’ miss this great opportunity 2021

Hiring Presales Consultant in India Our team at Comodo growing. This time I am hiring a Presales Consultant in India. Don'... read more
GEC Security Symposium and CISO Awards

GEC Security Symposium and CISO Awards 2019 UAE

 GEC Security Symposium and CISO Awards I am proud to announce that I will be speaking at GEC Security Symposium &... read more
2022 Global Top 100 Leaders in Information Security

2022 Global Top 100 Leaders in Information Security

2022 Global Top 100 Leaders in Information Security I am thrilled to announce that I have been selected to be in... read more
2nd Middle East Cybersecurity Forum Dr Erdal Ozkaya

2nd Middle East Cybersecurity Forum – Free registration

Middle East Cybersecurity Forum ( 2nd  ) Critical infrastructure assets, systems, and networks, whether physical or virtual which are considered so... read more
Vendor Risk Management Asia Summit Dr Erdal Ozkaya

Vendor Risk Management Asia Summit 2021

Vendor Risk Management Asia 2020  The adversaries are adapting and increasingly focusing their attacks via indirect channels through third parties and... read more
DX Inspire Award 2022 Dr Erdal Ozkaya

DX Inspire Award – 2022 Better together

DX Inspire Award I am extremely honored to announce that Global CISO Forum has awarded me with the prestigious DX Inspire... read more
Phishing

How to protect yourself from phishing ? 6 Effective Tips

How to protect yourself from phishing ? A phishing attack is an attack vector that cybercriminals use it mainly for identity... read more
Future of AI in Cyber Security Dr erdal Ozkaya

Future of AI in Cyber Security Free Video 2020

Future of AI in Cyber Security amidst COVID 19 | Discussion Panel Watch here : https://youtu.be/E-iuf6w3f0w   DR. ERDAL OZKAYA - Managing Director/ Head... read more

Windows 10 H2 Update – get it now

Windows 10 H2 Update Update  as 19 November , thank you for reaching out and notifying me the images are missing...... read more