The CISO role is evolving and three skills stand out as critical: essentially, as a CISO you need to be an architect, an operator, and a connector – all at the same time.

This is what Harold Rivas, CISO at Trellix, shared in a recent article of his.

Being an Architect

“Being an architect means being a domain expert with deep technology skills and an ability to fuse business and technology priorities,” says Mr. Rivas.

A technical background will help you, but you must also understand how technology enables business objectives. In my case, I started on the technical infrastructure side. I was a Sun Solaris SysAdmin and wanted to be a CCIE (Cisco Certified Internetwork Expert). Understanding technology at that level has served me well.

As important as the technology side is, I advise CISOs and aspiring CISOs to define themselves as something other than technical subject matter experts. Bring that as a skill, but the language you must speak around the boardroom with executives is the language of business. Invest early in your career to understand the business side. It will serve you for decades to come.

That leads to the second skill CISOs need to master, being an operator.

Being an Effective Operator

To be an effective operator, you’ll need to speak the language of your business and unite that with an understanding of what’s going on in the world.

The best CISOs can tie what they do to business objectives. You must understand your organization’s business operations, revenue sources, and industry norms to do that. And you need to understand what’s happening worldwide to know what factors affect your business and industry. I read at least five publications every morning. I look at international affairs, global politics, conflicts, elections, and anything that could influence the threat landscape or the business environment we operate in.

I came from the financial services industry. I needed to get to know the salespeople, partner with marketing, and become familiar with all the different departments. That’s how you understand the organization and what it drives to achieve.

Being an operator is a critical skill set for CISOs everywhere. I advise partnering up with your CFO and following methods like FAIR to quantify the potential impacts of cyber incidents in financial terms. As a CISO, you should have board-level conversations about operational availability, business resilience, impact on revenue, and protecting revenue, not necessarily the latest cyber threat actor—although there’s certainly a time and place for that.

This leads to the third—and probably most important—skill essential for CISOs to develop.

Being a Connector

You must be a connector—an independent, credible executive team member.

Being a connector means being an agent of change. A connector can effectively communicate the story of risk and use risk to one’s advantage. You have to be able to communicate outside the organization, often with regulators, policymakers, and customers. And you have to be an evangelist, in some sense.

For example, when the Biden Administration issued Executive Order 14028 on Improving the Nation’s Cybersecurity, it was essential to communicate and educate leadership across Trellix. As a CISO, I had to start conversations with executives across the organization and say that this affects our industry and many others providing security solutions to the U.S. federal government. In other organizations, I’ve had the opportunity to facilitate a simulated crisis exercise with executive leadership. That led to incredibly valuable dialog, as it helped the general counsel, COO, and others to see their part in managing cyber risk.

The last advice is that you need help doing this job. We should all crowdsource our defense and response strategy. For example, I have a dozen other CISOs on speed dial if I ever have a problem. As threats become more complex, it’s more important than ever to collaborate.

You can read the whole article here: https://www.trellix.com/blogs/perspectives/3-key-skills-you-need-to-succeed-as-a-ciso/

_______

If this information is helpful to you, read our blog for more interesting and useful content, tips, and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will assist you with your query.

Content curated by the team of COMPUTER 2000 on the basis of news in reputable media and marketing materials provided by our partners, companies, and other vendors.

 
