In this episode of Life of a CISO, Dr. Eric Cole explores the often-overlooked path of consulting within the cybersecurity field. While many professionals transition from security engineering to management and eventually to a CISO role, he emphasizes that consulting can be an invaluable step in that journey. Consulting sharpens essential skills like communication, presentation, and business strategy—skills that are often underdeveloped in technical roles. Dr. Cole highlights how working in isolation, especially in remote environments, has negatively impacted workplace communication, making it even more crucial for cybersecurity professionals to develop interpersonal skills through consulting and in-person interactions.

He then shifts focus to a pressing issue in cybersecurity: the lack of effective measurement. Despite advancements in technology, breaches and financial damages from cyberattacks continue to rise exponentially. Dr. Cole argues that cybersecurity is not just a technical problem—it’s a business problem. Unlike IT, where success is measured in uptime and availability, cybersecurity success is much harder to quantify because it involves human behavior. He challenges CISOs to rethink traditional metrics and embrace business-centric approaches to security. This episode is a must-listen for cybersecurity leaders looking to refine their strategic approach and stay ahead in an evolving threat landscape.

In this episode:

  • 1:00 – Introduction of today’s focus
  • 2:00 – Mindset in cybersecurity
  • 5:00 – Human interaction importance
  • 8:00 – Consulting builds soft skills
  • 11:00 – Consulting career advantages
  • 14:00 – Lack of cybersecurity metrics
  • 16:00 – IT vs. cybersecurity measurement
  • 19:00 – Preventive vs. detective security
  • 25:00 – Dropped packets as a security metric