The position of Chief Information Security Officer (CISO) is a crucial one within an organization, as the role calls for "superhero"-like responsibilities. CISOs are the executives responsible for stopping the thousands of hackers who may be out there attempting to breach businesses around the clock. To accomplish this challenging work, CISOs will be best equipped if they bring the following three types of skills to the job.
Becoming a CISO is the culmination of a series of career advancements. Sometimes this means a reduction in time actually spent studying technology. However, a solid understanding of cybersecurity is necessary in order to establish and implement security-related policies, manage incident response teams, and oversee forensics investigations, among other duties.
There are many routes CISOs can choose to improve their technical knowledge. One path is to study up on solutions such as managed security services. EiQ has several resources, including case studies, data sheets, and whitepapers. Webinars on SIEM can be especially helpful. Another path is to use downtime to take a refresher class at a MOOC (Massive Open Online Course) resource such as Coursera, which offers many cybersecurity classes for free.
According to a 2016 SANS Institute paper, today's CISO needs interpersonal skills in order to convince others in the boardroom to support their cybersecurity vision. That might require the same sorts of abilities usually possessed by people working in sales. A CISO should imagine the CEO and the rest of the C-suite as customers, find out what they need, and present ways to fill those needs. They generally need to know how projects will increase profitable growth for the company.
A CISO who can build the relationships necessary to pitch cybersecurity proposals in ways that resonate with others has a better chance of success than one who cannot. It's crucial for the CISO to build relationships with senior executives, the board of directors, and other high-level decision-makers across the company.
For senior executives, the CISO can ask questions such as "If you were in the CISO role, what would you focus on first?" rather than demonstrating their own technical proficiency. For the board of directors, the CISO should find out what legal and regulatory compliance issues they might be concerned about. Finally, with various decision-makers, a CISO can create opportunities to discuss the "CIA Triad": the Confidentiality, Integrity, and Availability of the organization's information access and resources.
Gaining the support of C-suite executives can also mean more data sharing regarding hacks throughout the industry. Doing so can improve the quality of knowledge available to any employee working in cybersecurity.
Leadership abilities are perhaps the hardest to define. Leadership can be more about attitude than aptitude, and strong leadership skills can be developed in any industry—not just cybersecurity. Some industry knowledge can be built on the job, but a potential CISO must possess strong leadership skills from Day 1. That means having confidence and conviction in what you do as well as a willingness to listen to and consider the contributions of others. After all, a leader can't be effective if they don't have the commitment of a good team behind them.
Becoming a Chief Information Security Officer (CISO) is not just about having top-level knowledge of current cybersecurity offerings and trends. Technical knowledge is still important to have, but it must be combined with robust interpersonal and leadership skills in order to gain and succeed in the role.