How to Bridge the Gap Between Cybersecurity and Executives
In this episode of Life of a CISO, Dr. Eric Cole explains that a CISO must communicate between executives and security engineers.
A security engineer who is specialized in one area does not always make a great CISO, and for that matter, an executive who doesn’t know cybersecurity won’t make a good CISO either.
But if you have the flexibility to do both, you will be a world-class CISO.
Listen to this episode to learn how communicating between executives and security engineers can make you a world-class CISO.
In this episode:
- 0:34 Mindset coaching: If you were brought up on charges on whether you were a world-class CISO, would you be guilty?
- 2:25 A CISO must be great at 2 things: cybersecurity and business
- 4:08 Baseball player analogy
- 4:45 The pitcher is a specialised position
- 5:36 A great specialist doesn’t make a great CISO
- 7:45 Most people who get into CISO positions are only great on the security side
- 9:49 Are you effectively communicating with the person you’re talking with?
- 11:55 Treat people the way THEY want to be treated
- 12:32 The longer you’re a world-class security engineer, the harder it is to become a great CISO
- 14:25 “Is that what you want to do?”
- 16:19 “Are you willing to learn a whole new discipline?”
- 18:19 If you’ve come out of business school, why switch to cyber security?
- 19:05 Speak to executives in their language
- 20:58 The 4 things executives care about:
- 21:20 What could happen, 80% chance of it happening, it would cost $1M, or pay $200K to prevent it
- 21:59 Executives may take that risk
- 22:42 Executives want numbers, not adjectives
- 24:58 Executives will see that the CISO presents recommendations that are right
- 27:15 How often do you talk to executives?
- 28:00 How long is the meeting?
- 29:49 If you’re not world-class, and you don’t know why, ask questions