As the digital economy has grown and changed, cybersecurity has become an integral part of operating nearly any successful business. The Chief Information Security Officer (CISO) is at the forefront of the modern cybersecurity organization, and CISOs have to adapt to the changing times in front of them. It used to be that the path to becoming a CISO primarily involved demonstrating your technical chops in the trenches, becoming the security de-facto leader for an organization and eventually claiming the role of the official cybersecurity executive. Modern CISOs are more involved with the business in which they exist than the technology their teams’ use. At the same time, cybersecurity has more visibility than ever in the boardroom. What skills does the modern CISO need to bring to the table in order to be successful? Here are the top five that I’ve gathered from my conversations with CISOs around the world.
5. Ambition
The CISO job isn’t for everyone, just like any other executive role isn’t for everyone. The modern CISO is more than an executive in name only, and the position requires someone who wants to be an executive. This is a position with responsibility, risk and reward. If you’re not looking for the potential stress and challenges that an executive role brings, there’s no shame in focusing on what you do want.
4. Technical Chops
Being a CISO is still, at its foundation, a technical discipline. CISOs may not need to have hands-on keyboards any more, but they do need to be able to understand and make decisions about technical topics. It’s difficult to defend against attacks that you don’t understand, and even if you have a team of technically talented people supporting you, you still need to be able to meaningfully lead and participate in technical discussions. Additionally, as we move into an era of analytics and artificial intelligence for security, the CISO needs to understand these topics and be articulate in explaining them.
There’s no silver bullet for cybersecurity, but there are plenty of vendors who might want to sell you one. The CISO has to be technical enough to quickly separate the wheat from the snake oil.
3. Empathy
It is not the job of cybersecurity to deliver perfectly secure systems. It’s cybersecurity’s job to allow the organization to deliver its service or product within its own level of risk tolerance. That realization is a major turning point in the digital economy, and running a cybersecurity organization that delivers on that mission requires empathy. Empathy is what allows a CISO to effectively connect with the business leaders, customers and employees that ultimately determine what that right level of risk tolerance is. Without empathy, cybersecurity becomes the department of ‘no.’
2. Communication Skills
The modern CISO is fundamentally a translator who can ensure that the protections put in place are aligned with the goals of the business. In order to do that effectively, the CISO needs the ability to communicate effectively with a variety of different people. They need to cross the divide between technical and business audiences. They need to be able to not only deliver a presentation but also communicate effectively in more inter-personal situations. A CISO who can’t communicate effectively simply won’t last long.
1. Financial Fluency
The modern CISO is as much a business leader as a technical leader. In order to fulfill their responsibilities, they must be able to not only understand but also lead discussions on financial topics relevant to the business. More than any other skill, financial fluency is truly a requirement for the modern CISO. We’ve been past IT security being the department of ‘no’ for a long time, but the modern CISO is also an asset to the business, enabling other leaders to intelligently take risks and contributing directly to the financial discussions about those risks. If you want to learn more about these skills and why they’re important, or if you want to hear some alternative views, join Thom Langford and I for the “Modern Skills for Modern CISOs” webinar on September 10th at 10AM PT. Register here: https://info.tripwire.com/register-Modern-Skills-for-Modern-CISOs.
