5 Traits of Successful CISOs to Conduct a Cybersecurity Risk Assessment

The topic for today is the 5 key characteristics that a successful CISO should have.

Here are the 5 traits you need to be a successful CISO:

1. You need to be able to predict the future. Insurance companies are in the business of calculating risk and assigning a dollar value to it.

2. No surprises. As a CISO, you have to communicate to the executives that there will be breaches, but that under your purview, they will be small and acted upon quickly.

3. Don’t be emotional. You need to keep the focus on the calculation of risk, not who is to blame.

4. Be really focused on “damage control.” You have to be focused on detecting breaches, and be able to communicate when one happens.

5. Stay calm when everyone is losing control. It’s your job not to freak out when breaches happen, because they will happen.

These traits are not about the skills of a CISO, but about the personality traits a CISO needs that will make people want to hire you and work with you.

In this episode:

  • 0:00 Welcome to the Cyber Security Army
  • 1:09 Remote learning now has new exposures
  • 1:40 Keep yourself safe with onlinedanger.com
  • 2:22 Risk (follow up from last episode)
  • 3:15 You need to communicate with executives in terms they understand (which is money)
  • 5:15 Give executives a slide with the top 3 things you want them to know:
  • 5:35 There are risks if there is functionality
  • 5:41 We are managing those risks appropriately
  • 5:52 There is some work that needs to be done
  • 6:37 Are there $ signs? (Qualitative/Quantitative)
  • 8:10 You don’t always have to become a CISO if you want to be successful
  • 10:13 What business calculates risk? Insurance companies.
  • 13:12 But they aren’t perfect
  • 14:37 How life insurance is actually calculated: historical and comparative data
  • 15:43 The important difference between insurance and cyber security
  • 16:30 Remember the Dr. Cole golden rule
  • 19:52 What are the traits of a really good CISO
  • 20:50 1: You need to be able to predict the future
  • 24:05 2: No surprises
  • 26:43 3: Don’t be emotional
  • 28:38 4: Be really focused on “damage control.”
  • 29:03 5: Stay calm when everyone is losing control
  • 30:21 Let data drive decisions
  • 23:25 Wrap up