Top 10 Dos and Don’ts of Successful Chief Information Security Officers
The topic for today is the 6 skills every successful CISO must have, and 4 mistakes to avoid.
Here are the 6 skills to master in order to be a successful CISO:
1 Communication and presentation skills
2 Understanding office politics
3 Understand the business and its finances
4 Strategic planning
5 Be willing to ask for help. Know your swim lane, and ask for help when outside it
6 Risk-based thinking. Let data, not emotions, drive decisions
The 4 mistakes to avoid:
1 Don’t focus on incident response yourself. Have someone who owns it report to you.
2 You don’t need to know more than the basics of legal/compliance
3 You’re not a penetration-tester.
4 You don’t need to know more than the basics of program management
Using your time wisely is important if you want to be a good CISO. Spend that time learning the skills you actually need, and don’t waste it learning skills that won’t make a difference. If you are a driven person, you will want to do everything. But a CISO doesn’t do everything. A CISO is a strategic position, not a tactical one, so much of the work will be delegated, and you will partner with specialists in order to stay in that strategic lane.
In this episode:
- 0:04 Intro: What is The Life of a CISO Show?
- 0:35 Today’s advice – Security is a business enabler
- 1:30 The golden rule of security – If security hinders the business, then security is wrong
- 2:37 Eric’s two rules
- 2:46 Rule 1: If anybody comes to you with a new idea, you don’t shoot it down
- 3:10 Rule 2: If you get put on a project, do anything possible to make the project successful
- 4:00 Eric’s meeting with a CEO of the company
- 5:15 Eric tells the CEO his two rules, and why they were successful in practice
- 6:55 What are the skills that CISOs need?
- 7:23 CISOs try to do too much and be the hero
- 7:40 CISOs get too technical and not strategic
- 8:03 The dos and don’ts of being a successful CISO
- 8:29 Skill 1: Communication and presentation skills
- 9:27 Adapt your communication style to your audience
- 9:34 To communicate with end users, make it personal
- 9:58 Security engineers want to do their job more effectively
- 10:20 Executives want to understand the key strategic questions to ask to minimize breaches
- 11:05 Communication means listening more than you speak
- 14:08 The cell phone test
- 15:49 Know how to run a meeting
- 17:43 Skill 2: Outside-the-box thinking
- 19:25 Big budgets do not necessarily mean better results
- 20:36 Skill 3: Understand the business and its finances
- 22:40 Skill 4: Strategic planning