How World Class CISOs Manage Risk:
Does a CISO Need to be Technical?
Join Dr. Cole today as he answers some viewer questions such as:
- How do you calculate risk in an organization and communicate that calculation to executives?
- Do you have to be an expert in cybersecurity to be a world-class CISO?
- How do you get the first CISO position with no experience?
- Should I continue my formal education?
- How do I ace the interview?
Tune in to find out the answers to these questions and more in today’s episode of LIFE of a CISO.
In this episode:
- 0:27 What does risk mean in an organization, beyond just money?
- 0:51 Anything you come up with involving risk shouldn’t be overly complicated
- 2:14 Are you waiting to be perfect?
- 3:01 Everything from a business standpoint is about money
- 4:10 What to say and not to say
- 5:51 I’m a fan of starting simple
- 6:26 Not everyone who has a CISO title is actually world-class CISO material (yet)
- 9:07 Why most world-class security engineers are actually ill-qualified to be a world-class CISO
- 10:54 You don’t have to be an expert on business or an expert on security, but you have to understand both
- 11:55 You have to be the coach, not the quarterback
- 17:31 What is the most important skill to be a world-class CISO? Mindset
- 18:49 Don’t put your success in the future
- 19:35 Don’t create facts out of lack of confidence
- 24:02 Take control of the interview
- 26:53 Having degrees doesn’t get you a job
- 28:17 45 Day CISO Challenge
- 32:30 End