Build the business skills to be a successful CISO

The Role of CISO
02Sep
By Cybersecurity Leadership, General , 0 Comments

Build the business skills to be a successful CISO

For many cybersecurity professionals, the ultimate career goal is to land a chief information security officer (CISO) job. A CISO is an executive-level position responsible for cyber risk management and operations. But cybersecurity is transforming. Today, a good CISO also must have strong communication skills and a deep understanding of the business. To gain the necessary experience to be considered for a CISO job, you need to understand how the role is evolving and the skills required to excel.

Long before I became a Security Advisor at Microsoft, I started my career as an IT System Administrator. Over time I learned security and worked my way up to CISO and, have served as a CISO in a variety of companies and industries. I’ve mentored several people interested in accelerating their careers in cybersecurity, and one of the biggest mistakes that you can make in your career in IT and Security is ignoring businesspeople. The more you advance, the more you will need to understand and work with the business. In this blog, I’ll provide tips for helping you get more comfortable in that role.

From technologist and guardian to strategist and advisor

As organizations digitize their products, services, and operations to take advantage of the cloud, their ability to effectively leverage technology has become integral to their success. It has also created more opportunities for cybercriminals. Companies of all sizes have been forced to pay fines, suffered reputational harm, and expended significant resources recovering from an attack. A cyber incident isn’t just a technology risk; it’s a business risk. When making decisions, boards and executive teams now need to evaluate the likelihood of a data breach in addition to financial loss or operational risks. A good CISO helps them do this.

According to research by Deloitte, there are four facets of a CISO: the technologist, the guardian, the strategist, and the advisor. You are probably already familiar with the technologist and guardian roles. As a technologist, the CISO is responsible for guiding the deployment and management of security technology and standards. In the guardian role, the CISO monitors and adjusts programs and controls to continuously improve security.

But technical controls and standards will not eliminate cyberattacks and the CISO does not have control over all the decisions that increase the likelihood of a breach. Therefore the roles of strategist and advisor have taken on greater importance. As a strategist, the CISO needs to align security with business strategy to determine how security investments can bring value to the organization. As an advisor, the CISO helps business owners and the executive team understand cybersecurity risks so that they can make informed decisions. To excel at these roles, it’s important to get knowledgeable about the business, understand risk management, and improve your communication skills.

Cybersecurity leadership
Cybersecurity leadership

Acquiring the skills to become a good strategist and advisor

If you are already in the cybersecurity profession and interested in growing into a CISO role, you are probably most comfortable with the technologist and guardian roles. You can elevate your technical skills by trying to get experience and certifications in a variety of areas, so that you understand threat analysis, threat hunting, compliance, ethical hacking, and system auditing, but also find time to work on the following leadership skills.

  • Understand the business: The most important step you can take to prepare yourself for an executive-level role is to learn to think like a businessperson. Who are your customers? What are the big opportunities and challenges in your industry? What makes your company unique? What are its weaknesses? What business strategies drive your organization? Pay attention to corporate communications and annual reports to discover what leadership prioritizes and why they have made certain decisions. Read articles about your industry to get a broader perspective about the business environment and how your company fits in. This research will help you make smarter decisions about how to allocate limited resources to protect company assets. It will also help you frame your arguments in a way the business can hear. For example, if you want to convince your organization to upgrade the firewall, they will be more convinced if you can explain how a security incident will affect the company’s relationship with customers or investors.
  • Learn risk management: Smart companies routinely take strategic risks to advance their goals. Businesses seize opportunities to launch new products or acquire a competitor that will make them more valuable in the market. But these decisions can result in failure or huge losses. They can also put the company at risk of a cyberattack.Risk management is a discipline that seeks to understand the upsides and downsides of action and eliminate or mitigate risks if possible. By comparing the likelihood of various options, the return on investment if the venture is successful, and the potential loss if it fails, managers can make informed decisions. CISOs help identify and quantify the cybersecurity risks that should be considered alongside financial and operational risks.
  • Improve your communication skills: To be a good advisor and strategist, you will need to communicate effectively with people with a variety of agendas and backgrounds. One day you’ll need to coach a very technical member of your team, the next you may need to participate in a business decision at the executive level or even be asked to present to the board of directors.A communication plan can help you refine your messages for your audience. To begin practicing these skills now, try to understand the goals of the people you talk to on a regular basis. What are their obstacles? Can you frame security communications in terms that will help them overcome those challenges? Take a moment to put yourself in someone else’s shoes before meetings, hallway conversations, emails, and chats. It can make a real difference!

A good communication plan delivers targeted security messages:A chart showing a good communication plan.
In recent years, the role of the CISOs has been elevated to a senior executive that the board counts on for strategic security advice. In fact, we should rename the position, Chief Influencer Security Officer! Building leadership skills like risk management and communication will help you step into this increasingly important role.

As you embark on the career journey of CISO, it is always good to get a perspective from other CISOs in the Industry and lessons they have learned.   Please feel free to listen to the podcast on my journey from System Administrator to CISO and watch our CISO spotlight episodes where our Microsoft CISO talks about how to present to the board of directors along with other tips and lessons learned.

To learn more about Microsoft Security solutions visit their website.

To read more Cybersecurity leadership articles , click here 

Cybersecurity Leadership Demystified
Cybersecurity Leadership Demystified

To buy from Amazon : Click here

 

Share this post

Author

Named among Top 50 Technology Leaders 2021 by CIO Online & IDC, working with an ardent passion for raising cyber awareness and leveraging new & innovative approaches. He is committed to the delivery of accurate, accessible resources to inform individuals and organizations of cybersecurity and privacy matters in the internet age. Dr Erdal is a collaborative team leader with the key areas of his expertise spanning end-to-end IT solutions, management, communications, and innovation. In addition, he is a well-known public speaker, an award-winning technical expert, a book author, and writer of certifications (courseware and exams) for prestigious organizations such as Microsoft, EC Council, and other expert-level vendors. Some of his recent awards are: 2021: Best CISO for Banking and Financial Sector CIO Online & IDC : Top 50 Technology Leaders, Security Magazine Top CISO, Tycoon Success Magazine, Most Powerful 10 Middle East Businessman EC Council CEH Hall of Fame 2020: Khaleej Times "CISO Power List" , Cybersecurity Legend by GEC Media Group, "Super Hero CISO", by Enterprise IT Top CISO by Security ME Magazine 2019: CISO Mag " Hall of Fame" and Cybersecurity Influencer of the year , Microsoft Regional Director 2018 : NATO Center of Excellence Award 2017: Microsoft Platinum Club (employee of the year ), Security Professional of the year and more...

Leave a Reply

Your email address will not be published.

Related Posts

Cybersecurity Titles For Your Bookshelf
29Apr

11 Cybersecurity Titles For Your Bookshelf

11 Cybersecurity Titles For Your Bookshelf Solutions Review presents the latest in Cybersecurity Titles and Books you need to add to... read more

IT Auditing
02Sep

IT auditing, Risk Management and Incident Handling – Part 1

IT auditing , Risk Management and Incident Handling Organizations today have to live with constant pressure to secure their organizations from cyber... read more

Mercedes Benz AMG Data Breach
07Jul

Mercedes Benz AMG Data Breach 2021

 Mercedes Benz AMG Data Breach I regret to inform all of you that I just received an email from Mercedes Benz... read more

SECURITY POLICY erdal
01Oct

SECURITY POLICY – empower your knowledge N0W

SECURITY POLICY - IT SECURITY POLICY The essence of an IT security policy is to establish guidelines and standards for accessing... read more

Outlook keeps asking for a password
03May

Outlook keeps asking for a password? The FREE fix you are waiting 4

Outlook keeps asking for a password If you care about your Security, then you need to take an extra step and... read more

Learn Social Engineering with Dr Erdal Ozkaya Foreword by Troy Hunt
06May

6 Best New Social Engineering Books To Read In 2019

6 Best New Social Engineering Books To Read In 2019 I'm happy to announce that my book, "Learn Social Engineering: Use... read more

TechTarget CISO Erdal
08Apr

Why CISOs need to understand the business –

Why CISOs need to understand the business While CISOs need technical skills, business skills help them push their team's agenda and... read more

Security and Privacy in Communications Networks Dr Erdal Ozkaya
03Feb

19 Best New Cybersecurity Books To Read In 2019

19 Best New Cyber Security Books To Read In 2019 Security and Privacy in Communications Networks About The book: As featured on... read more

Hiring
03Sep

I am hiring Head of Information and Cybersecurity for Pakistan -2020

Head of Information and Cybersecurity for Pakistan  I am hiring the Head of Information & Cybersecurity for Pakistan, who will be... read more

FluBot Android Malware Technical Analysis
21Sep

FluBot Android Malware Technical Analysis – Indepth Free guide

FluBot Android Malware Technical Analysis This great article was published originally at ThreatMonIT web site, and I wanted to ensure you... read more