Thursday, April 18, 2013

Jeff Snyder's Weekly Look Into What Makes a CISO / CSO Successful

I’m always looking for new ways in which I can use my position to bring value to the security profession. When I refer to my position, I’m simply referring to the position I occupy sitting between security, risk, compliance and privacy professionals and those who hire security, risk, compliance and privacy professionals. I constantly learn from the individuals I’m fortunate to work with every day so I've been thinking about how I can pass on some of what I learn for the benefit of others.

A few weeks ago I came up with the idea to leverage my position for the good of those who one day aspire to become a CISOs or CSO. For that matter, current CISOs or CSOs who are struggling might benefit from the advice of their successful peers.

The idea is pretty simple. I’ve begun reaching out to CISOs and CSOs to find out what they think the secret to their professional success is so I can share their secrets with those who wish to one day be a successful CISO or a CSO.

I hope you find this information to be helpful. I’ll try to post a new success secret every week as these points of view are shared with me.

How a CISO in the Publishing Industry views success

Becoming a successful CISO is not an easy task.  It is not something that happens without considerable effort.  But developing a few key skills will help to put you on the right path as you climb the security ladder. As a relatively newly minted CISO, these skills have helped pave the way for growth in my career.

Be Tenacious

Work hard and don't give up. My philosophy has always been "be the best in whatever job you are in and doors will open".  I always strive to be the best and provide the most value for my employers.  

Communicate well and often 

Communicate with stakeholders in the business. Repeat.  It is important to show the value of the security program to the business. By continuously doing so, you will gain credibility.  It is important to communicate with all levels of the business, from the boardroom to the mailroom.  I regularly post security bulletins and host security seminars for all employees. By demonstrating how why security is important in their personal lives, they case how the same applies for the business.

Build Relationships 

Relationships are very important and are essential for a successful career. In the publishing industry, we don't have the "Big stick" of regulatory compliance requirements.  Instead, I rely on my relationships to persuade my peers to adhere to our security standards. 

Be the "solution guy"

Avoid being seen as a roadblock. Sometimes the answer is "no". When it is, be sure to follow it with ".. but let’s see if we can come up with an workable solution".  It is important to collaborate with the business to come up with an acceptable solution.  Don't get in the way of the business or hamper their ability to get work done.  You want to be seen as an enabler, not an obstacle.

Make a difference

It is difficult to illustrate the bad things that your security program has prevented. I recommend maintaining a comprehensive security metrics program. This will help to illustrate the value you are adding to the organization. 

Mastering these skills should put you on the path to becoming a CISO and ensure that you succeed once you do.  

Care to Contribute?
If you are a CISO or CSO and you would like to contribute your thoughts, please call me so I can explain to you what I'd like to deliver to readers.


Jeff Snyder’ Security Recruiter Blog719.686.8810's Security Recruiter Blog