Tuesday, July 23, 2013

CISO Leadership, What does it Look Like?

In my quest to gain a deeper understanding of leadership, what works and what doesn't work, I constantly do research.  I recently shared a conversation with a very successful CISO whose career I’ve followed for over a decade.  I asked if he thinks the security profession has gotten better about delivering business value and presenting risk in a more palatable way over the past 10 years since I first met him.
He thinks it is getting better but he thinks there is still a lot of room to grow.

Align Security with Corporate Goals

This CISO’s practice has been to align security with corporate goals.  The CISO emphasized that risk is all too often explained in technical terms when it needs to be explained in business terms.  Explaining risk in business terms has not always come naturally to this CISO as his undergraduate education is in Physics.

Light Bulb Moment

There was a point in his career while reporting to the CEO of his last employer where this CISO had a light bulb moment of sorts.  Something occurred in a conversation with the CEO that caused this CISO to recognize that he needed to become more proactive than he had been in the past about acquiring knowledge that would help him to better understand what it might be like to walk in the shoes of a COO, CFO or maybe a CEO.

Never Stop Learning

I can’t share too much about this CISO’s credentials or someone will recognize who I’m writing about.  What I can share is that this CISO has in recent years completed a Master’s Degree in Information Security.  Not just any Master’s degree but a degree that is balanced between security topics and the kinds of topics that would be covered in an MBA program.  This CISO recognized that his Physics education did nothing to teach him about profit and loss and balance sheets, those topics that his “C” suite colleagues care most about.

Credibility and Trust

Our conversation moved on to the topic of credibility.  I asked the CISO to tell me how he has gone about building credibility.  The CISO suggested that he has learned that if you don’t listen and if, as a security professional, you have the habit of scaring people, you’ll never build credibility.  He suggested that he works very hard to make his words and actions connect so that those who have to work with him can always have confidence that what they've just heard from the CISO is truth and they never have to interpret what they've just heard.

CISO Leadership

One of the topics I’m passionate about, and yes, I’m passionate about many things, is the topic of CISO Leadership.  Starting in September, I’ve been asked to lead CISO round table discussions.  I’ll share more about this new venture as details become clearer.  Suffice to say that I’m working with some really smart people who, as I’ve recently discovered, share my passion for helping the security profession reach a new level of credibility in the corporate realm.

Jeff Snyder’s Security Leadership Coach, Security Recruiter Blog 719.686.8810
