How to Bridge the Gap Between Cybersecurity and Executives

In this episode of Life of a CISO, Dr. Eric Cole explains that a CISO must communicate between executives and security engineers.

A security engineer who is specialized in one area does not always make a great CISO, and for that matter, an executive who doesn’t know cybersecurity won’t make a good CISO either.

But if you have the flexibility to do both, you will be a world-class CISO.

Listen to this episode to learn how communicating between executives and security engineers can make you a world-class CISO.

In this episode:

  • 0:34 Mindset coaching: If you were brought up on charges on whether you were a world-class CISO, would you be guilty?
  • 2:25 A CISO must be great at 2 things: cybersecurity and business
  • 4:08 Baseball player analogy
  • 4:45 The pitcher is a specialised position
  • 5:36 A great specialist doesn’t make a great CISO
  • 7:45 Most people who get into CISO positions are only great on the security side
  • 9:49 Are you effectively communicating with the person you’re talking with?
  • 11:55 Treat people the way THEY want to be treated
  • 12:32 The longer you’re a world-class security engineer, the harder it is to become a great CISO
  • 14:25 “Is that what you want to do?”
  • 16:19 “Are you willing to learn a whole new discipline?”
  • 18:19 If you’ve come out of business school, why switch to cyber security?
  • 19:05 Speak to executives in their language
  • 20:58 The 4 things executives care about:
  • 21:20 What could happen, 80% chance of it happening, it would cost $1M, or pay $200K to prevent it
  • 21:59 Executives may take that risk
  • 22:42 Executives want numbers, not adjectives
  • 24:58 Executives will see that the CISO presents recommendations that are right
  • 27:15 How often do you talk to executives?
  • 28:00 How long is the meeting?
  • 29:49 If you’re not world-class, and you don’t know why, ask questions