Thursday, March 21, 2013

Jeff Snyder's Weekly Look Into What Makes a CISO / CSO Successful




I’m always looking for new ways in which I can use my position to bring value to the security profession. When I refer to my position, I’m simply referring to the position I occupy sitting between security, risk, compliance and privacy professionals and those who hire security, risk, compliance and privacy professionals. I constantly learn from the individuals I’m fortunate to work with every day so I've been thinking about how I can pass on some of what I learn for the benefit of others.

A few weeks ago I came up with the idea to leverage my position for the good of those who one day aspire to become a CISO or CSO. For that matter, current CISOs or CSOs who are struggling might benefit from the advice of their successful peers.

The idea is pretty simple. I’ve begun reaching out to CISOs and CSOs to find out what they think the secret to their professional success is so I can share their secrets with those who wish to one day be a successful CISO or a CSO.

I hope you find this information to be helpful. I’ll try to post a new success secret every week as these points of view are shared with me.

How a CISO in the banking industry views success

"Being an effective CSO has little to do with your technical acumen as this expertise is expected. The most successful CSOs have the ability to enable business units to accomplish their goals while ensuring they are mitigating operational, legal, regulatory, and reputational risks.

The effective CSO understands the business, becomes embedded in their decision making process, and develops a trusted-adviser status so when you must say "no", and articulate why, business leaders trust and value your opinion.  You must be able to take disparate state and federal regulatory guidance, litigation trends, a changing technical risk environment and develop them into a cohesive and executable strategy.

Effective CSOs do not lead through fear and uncertainty, using a litany of technical terms which is meaningless to a business leader – they map gaps in risk coverage to impact and probability to focus the discretionary efforts of business and technology to close those gaps in a prudent and manageable manner."

Care to Contribute?

If you are a CISO or CSO and you would like to contribute your thoughts, please call me so I can explain to you what I'd like to deliver to readers.

Thanks,
Jeff

SecurityRecruiter.com's Security Recruiter Blog