Can You Be Both Strategic and
Tactical as a CISO (Hint: No) 

On today’s episode, Dr. Eric Cole answers his most frequently asked question: “What is the difference between strategic and tactical?”

Some people have a strategic mindset, and others can’t help themselves but continue to think tactically.

Being a CISO is one of the best jobs in the world, but it’s not the best fit for everyone, and there’s nothing wrong with that.

Listen to this episode to learn the simple test to determine if being a CISO is right for you.

In this episode:

  • 0:04 Welcome to this episode of Life of a CISO
  • 0:30 Look for patterns
  • 0:56 Strategy and tactics
  • 1:12 Strategy is high level: Fix vulnerabilities
  • 2:07 As a CISO, come up with a strategy that vulnerabilities are patched
  • 2:46 Start asking questions
  • 3:59 Hire slow, fire fast, and how to be a better leader
  • 5:54 Security & tactics
  • 7:05 Could a good security engineer be a good CISO?
  • 7:58 There is not one path to becoming a CISO
  • 8:43 A CISO is NOT a glorified engineer
  • 10:22 Know which one you want to do, technical or strategic
  • 11:30 The simple CISO test
  • 13:09 One possible reaction to the CISO test
  • 13:40 If you find something you love to do, you never work a day in your life
  • 14:08 Don’t get caught up on a title, do the job you love
  • 14:45 What is a CISO (again)
  • 16:14 IT during COVID
  • 17:27 Executives asked the wrong question
  • 18:08 The question that wasn’t asked
  • 19:48 What went wrong
  • 21:51 When you get defensive, that usually mean it’s right and important
  • 22:53 Facts and opinions
  • 25:56 Security roadmaps from January are no longer good, The Target story
  • 27:20 Recommendation: do a quick spot check
  • 29:18 Wrap up