Introduction
Whether or not you care about being the life of the party, the role of CISO demands more than just
technical skills. It also requires the ability to understand business needs, build cross-functional support
and mentor the next generation of security leaders. These soft skills aren't always easy for security
practitioners. As one Wisegate CISO explains,
By exchanging strategies and tips with their peers, Wisegate Members are investing in themselves, proactively improving their management skills and growing as IT leaders. In this report, Wisegate makes available veteran CISOs' leadership strategies (that are typically shared only between Wisegate Members) to the wider IT security community, with advice in 4 key areas:
- Understanding the importance of soft skills: What leadership skills are necessary for CISOs, and can those skills be learned?
- Building influence and alliances within the organization: How CISOs build cooperation and collaboration across the organization (even if they lack executive authority).
- Mastering the art of effective communication: Strategies CISOs can use to clearly make their point and sell their vision to the business.
- Identifying and mentoring future security leaders: Why it's important for CISOs to find and develop new security leaders within their team.
"It was very much a learning experience when I hit the CISO level to
find out that I needed to play nice with others in the sandbox. Not
that I never did before, but it's a game-changer most certainly."
A recent survey of Wisegate Members ranked Collaboration, Strategic Thinking and Influence as
the most important skills for security leaders.
It undoubtedly takes a special type of person to successfully step into the role of CISO. A Wisegate
Member describes the many hats he wears in the role of CISO as,
"I feel like we're part politician, part therapist, and part lawyer."
The acquisition of soft skills isn't always easy or comfortable for all security practitioners, but with
commitment the necessary skills can be mastered. As a veteran CISO notes,
"I had to learn through my career to get away from my desk, and go talk
to people. It's taken a number of years, but now people who just meet me
classify me as an extrovert."
"It's necessary to build alliances within the organization so that you build
a rapport with these people, and understand what's important to them.
As soon as you start supporting them, they're going to turn around and
support you."
Success Tips
Building alliances within the organization is no easy task, but Wisegate Members offer the following 4 success tips:
Key to Success:
Cut updates down to the most essential points and
communicate in a concise manner.
Key to Success:
Figure out how security can support the goals and
initiatives of the business people you are working with.
A Healthcare CISO explains,
7 Communication Strategies
Strategy #3: Understand the importance of sales and marketing
Sometimes the CISO role requires sales and marketing. If a business audience doesn't get the need
for security, it might be necessary to sell them on security first, before getting to the main point of the
paper or presentation.
A Local Government CISO says,
Strategy #5: Clarify your message
Strategy #7: Keep their attention
For live presentations, it may be fun to create a detailed PowerPoint
presentation, but that can work against you. In most cases, people
don't want to wade through too much detail.
The Senior Security Manager for a Global Consumer Electronics
Firm states,
Spend time with these promising folks. Take a look at their skills,
just in inventory, and help them with the skillsets they might need
assistance with.
Here's how Wisegate Members help develop the skills of their future leaders:
- Communication Skills: For those who are not naturally great speakers, several of the CISOs recommended participating in Toastmasters. To improve written presentations, college and online business writing courses can help.
- Business Classes: "I recommend others to take some basic business courses," says one CISO. "It's not that you have to go after another degree, but you need to understand the basics."
- Learning by Experience: "I let them handle some day-to-day situations," says a Healthcare CISO. "They're going to learn by the incidents that come up in order to develop the toolkit they need."
- A good way to get in the door: "It's a basic requirement if you're talking to a recruiter and an HR person, because those are the keywords they're looking for," says a Financial Services Security Executive. "Lack of certification makes you stand out and you will have people questioning why you didn't put in the effort to sit for a six-hour exam for this CISSP."
- CISM may be more valuable than CISSP for CISOs: Of the CISSP and CISM, the CISM was viewed as more valuable for a CISO. "If I'm hiring people, I'm looking for something like a CISM to show that you spent time to study," says the Municipality CISO. "If I've been working with somebody for a while and know their technical chops, it's not as important because I know who they are and what they can do."
In Closing
As the role and responsibilities of CISOs continue to expand, current and future
security leaders will need to develop the soft skills necessary to thrive within the
business and ultimately establish influence without executive authority, master
the art of persuasion through effective communication and nurture the next
generation of security leaders.
Being part of Wisegate keeps senior IT practitioners abreast of evolving
security management trends and informed on which approaches their peers
find effective. In-depth discussions on how CISOs overcome career challenges
using effective leadership strategies continue online at www.wisegateit.com.