As I reflect on my career, I find myself contemplating what I would say to my 20 year-old self. What have I learned and what would I impart to others to grow the next generation of cybersecurity leaders?
Aspiring CISOs need to know this role starts with courage. It requires courage to develop the skills and take on the responsibilities that come with the job, and to learn the business. It requires courage to undertake a role that is relatively new and still evolving.
Role as First Responder
The #1 responsibility of a CISO is that of a first responder. We are here to defend and protect our respective companies – while we communicate risk to our leaders. We’re business leaders whose role is to help the company grow and meet its strategic objectives. That means taking actions that are necessary, but not always popular. It doesn’t mean being the “no” police, because we’ve worked hard to remove that stigma and to get as close to the business so we can help drive its success.
Courageous Conversations
To be a CISO, it’s important to develop the skills necessary to have courageous conversations with the board, executive leadership and other stakeholders. We are business leaders just as we are cyber leaders. This means we must be ready with elevated business acumen to understand the businesses we support, how they make money and the critical issues they face. Developing the right relationships in the business helps when courageous conversations are needed.
Sometimes people are accustomed to a certain approach or way of thinking. But the courageous call is to tell others how we see a situation differently. We’re calling out cybersecurity gaps or communicating about specific types of risk. The remediations that are needed may cause disruptions or slow down a business deal or transaction. While we work very hard to avoid disruptions, they may be inevitable. This is not a preferred place to be, but we need to stand by our decisions.
Prepare for the Role
Bring courage to the table. When deciding that being a CISO is your goal, gain the skills to be an active participant. This is a 24/7 job, and it comes with sacrifices. Bring your passion to work and be willing to support others. Knowledge and understanding of the business will boost credibility, and involvement in professional organizations will broaden your skill set.
Along the journey, there may be tough decision points. Engaging a mentor can be invaluable. For example, you may find a prospective role may not be quite right because the reporting structure presents questions or support is insufficient. Be courageous in your decision-making.
When the CISO is a Minority
The CISO community has few people from underrepresented populations. There are few women CISOs and not enough mentors out there to support them. It’s especially true for people of color.
If this is you, be sure your voice is heard. This takes courage. I’ve faced situations over the years when I am the only one in the room who looks like me, let alone a decision-maker who looks like me. While we are growing diverse representation in the CISO role, it is important to recognize just how courageous it is to be a Hispanic female, an African American female, Asian female or Indian female in the CISO role. We need to be courageous and committed to changing the culture so all can thrive. With the right skills and the right support system, we will see more women CISOs and CISOs of color who exemplify the skills and experience to make the tough calls.
The CISO role has been in existence since the mid-1990s, and because it’s such a new role, responsibilities continue to evolve. It takes courage to be a trailblazer in the rapidly changing cyber landscape. The path isn’t always black and white. It’s gray.
Hopefully the path of our successors will be a lot smoother, because they will learn from our experiences, and have the fortunate opportunity to see the development of the role over time.