Thursday, March 28, 2013

Jeff Snyder's Weekly Look Into What Makes a CISO / CSO Successful


I’m always looking for new ways in which I can use my position to bring value to the security profession. When I refer to my position, I’m simply referring to the position I occupy sitting between security, risk, compliance and privacy professionals and those who hire security, risk, compliance and privacy professionals. I constantly learn from the individuals I’m fortunate to work with every day so I’ve been thinking about how I can pass on some of what I learn for the benefit of others.

A few weeks ago I came up with the idea to leverage my position for the good of those who one day aspire to become a CISOs or CSO. For that matter, current CISOs or CSOs who are struggling might benefit from the advice of their successful peers.

The idea is pretty simple. I’ve begun reaching out to CISOs and CSOs to find out what they think the secret to their professional success is so I can share their secrets with those who wish to one day be a successful CISO or a CSO.

I hope you find this information to be helpful. I’ll try to post a new success secret every week as these points of view are shared with me.

How a CISO in the banking industry views success

"To be a great security analyst you need to be able to understand the technical aspects of information security, and how they relate to the way your company does business, in order to design the security programs and processes that will secure your company’s information.  To be a terrific security manager you need to be able to take that understanding of technology and your business’ risk appetite and apply that knowledge to direct others in implementing and maintaining the appropriate security infrastructure and practices.  Those technical and security skills you’ve focused on and built your career around will only take you so far though.

The secret to being a successful CISO is in knowing how to hire / build a team of great security analysts and terrific security managers and how to create relationships with them that ensure that they can carry out their roles effectively and allow you the ability to develop the relationships to ensure they have the resources and support they need. 

This will involve the CISO building relationships with the businesses whose goals the CISO is supporting in order to get them to integrate security into their business processes and applications.  In addition as CISO you have to build relationships with the senior management and board members, for whom you will have to translate all of the technical and risk details into business relevant points in order to obtain funding for the initiatives that will allow you to advance your security program to try and keep pace with the germane parts of ever changing security landscape.

For me relationships do not come easily.  My natural tendency is to focus on facts and the completion of tasks and I could easily spend all day interacting primarily with machines.  Thanks to a wonderful friend who took me to task for reducing one of the men on a help desk I was managing to tears, I learned how important people and relationships were to getting a team to communicate and work effectively together. 

At the executive level much of what you are able to accomplish isn’t a result of your technical skills, it comes from your ability to create relationships that allow you to work collaboratively with your subordinates, your peers and your management and Board of Directors.  The ability to develop relationships is key to your continued career growth and especially important when an executive switches firms and leaves behind all of the “good will” that contributed to previous success; entering a role in new firm where they have few if any existing relationships  to rely on!"

Care to Contribute?
If you are a CISO or CSO and you would like to contribut your thoughts, please call me so I can explain to you what I'd like to deliver to readers.

Thanks,
Jeff
 
Jeff Snyder’s SecurityRecruiter.com Security Recruiter Blog 719.686.8810

SecurityRecruiter.com's Security Recruiter Blog