Cybersecurity Engineer VS. CISO | The Questions You Must Ask Yourself To Be An Effective CISO

In this episode of Life of a CISO, instead of answering questions, Dr. Eric Cole asks the questions.

In order to be an effective CISO, you must be able to answer these questions, which are about your personality and about how well you understand the company you work for.

Listen in to today’s episode to answer these very important questions.

In this episode:

  • 0:15 Why I’m excited
  • 1:38 The question I keep getting asked is…
  • 1:50 A CISO is not a promotional path for a security engineer. It is a different skill set.
  • 3:55 The question you need to answer if being a CISO is right for you.
  • 4:54 How a CISO should answer that question
  • 5:55 Can you be both a security engineer and a CISO (No!)
  • 8:20 Cyber security is a business enabler. Question: How do you understand the business?
  • 9:01 Core foundational information, criteria to make decisions, checklist
  • 9:25 Foundationally: What business are we really in?
  • 10:33 The answer needs to be embedded in your brain. Here’s why.
  • 13:40 How does your organization make money?
  • 14:35 If you don’t know this, how are you going to know how to allocate money?
  • 16:15 You must have decision-based questions for the organization
  • 17:24 Old-school security was always the same way. That way doesn’t work anymore.
  • 17:51 World class CISOs enable businesses
  • 18:18 Security needs to be the flour in the cake, not the icing on the cake
  • 20:25 What is the security posture of the company, and do you align with it?
  • 21:16 Transfer of responsibility to those who have the authority
  • 26:17 You must have post-review questions
  • 26:40 Example of post-review questions
  • 27:44 Two sub-questions: how much confidence do I have in the answer; how can I improve?
  • 29:04 Review