How World Class CISOs Manage Risk:

Does a CISO Need to be Technical?

Join Dr. Cole today as he answers some viewer questions such as:

How do you calculate risk in an organization and communicate that calculation to executives?

Do you have to be an expert in cybersecurity to be a world-class CISO?

How do you get the first CISO position with no experience?

Should I continue my formal education?

How do I ace the interview?

Tune in to find out the answers to these questions and more in today’s episode of LIFE of a CISO. 

In this episode:

  • 0:27 What does risk mean in an organization, aside from only money
  • 0:51 Anything you come up with involving risk shouldn’t be overly complicated
  • 2:14 Are you waiting to be perfect?
  • 3:01 Everything from a business standpoint is about money
  • 4:10 What to say and not to say
  • 5:51 I’m a fan of starting simple
  • 6:26 Not everyone who has a CISO title is actually world-class CISO material (yet)
  • 9:07 Why most world-class security engineers are actually ill-qualified to be a world-class CISO
  • 10:54 You don’t have to be an expert on business or an expert on security, but you have to understand both
  • 11:55 You have to be the coach, not the quarterback
  • 17:31 What is the most important skill to be a world-class CISO? Mindset
  • 18:49 Don’t put your success in the future
  • 19:35 Don’t create facts out of lack of confidence
  • 24:02 Take control of the interview
  • 26:53 Having degrees doesn’t get you a job
  • 28:17 45 Day CISO Challenge
  • 32:30 End