I’m so excited about my latest contribution to our research on “How To Become A Superstar Security Leader” (led by my fabulous colleagues Claire O’Malley and Chris McClean). I often get asked by clients and colleagues I speak with: “What does a modern-day CISO look like? What qualities do great CISOs have?” This can be a somewhat controversial topic for many, as the debate often rages around binary elements (e.g., technical versus nontechnical; charismatic versus dull). And yet there is so much more to it.
When I entered the profession 20 years ago (eek!), most if not all CISOs I knew had a technology background. They attracted like individuals, and technical security skills were the only ones exalted. I clearly remember the day in my very early career when I was asked if I wanted to enter the “hacking” or the “policy” side of security — so binary. Mercifully, these days are over. Security is now a multidisciplinary profession where you can generalize or specialize as much or as little as you choose. We need everybody here! And we need all sorts of skills.
With a skills shortage looming, the change in customer expectations of security, a significant gender diversity issue, and a highly complex technology and business landscape, the requirements for a CISO have changed. Your business and your team need a new breed of security and a superstar CISO. In this new world, top CISOs are ones who are most adept at harmonizing security! This has nothing to do with purist qualities such as a dashing personality, technical skills, or any other single skill; CISO superstardom is about thoughtful tactics.
Our research urges CISOs to be the security leader that their fellow executives want in the room. To do this:
- Explain why security matters by using stories, tying security to business objectives, and communicating with the board, not just reporting to it.
- Know your technology touchpoints.
- Prioritize employee growth potential by investing in raw, diverse talent, hiring women, creating a supportive culture, and empowering your team.
The research also speaks to the crucial personal skills of a CISO that we don’t often talk about, such as courage (to take a stand on critical issues) and personal resilience (to keep fighting through the many setbacks that security will encounter).
I’m looking forward to hearing everyone’s thoughts and experiences of what makes a superstar CISO.