Top 10 Dos and Don’ts of Successful Chief Information Security Officers

The topic for today is the 6 skills every successful CISO must have, and 4 mistakes to avoid.

Here are the 6 skills to master in order to be a successful CISO:

1 Communication and presentation skills
2 Understanding office politics
3 Understand the business and have an understanding of finances
4 Strategic planning
5 Be willing to ask for help. Know your swim lane, and ask for help when outside it
6 Risk-based thinking. Let data, not emotions, drive decisions

The 4 mistakes to avoid.

1 Don’t be focused on incident response yourself. Have a person who owns it report to you.
2 You don’t need to know more than the basics of legal/compliance
3 You’re not a penetration tester.
4 You don’t need to know more than the basics of program management

Using your time wisely is important if you want to be a good CISO. Therefore, it’s important to use that time to learn the skills you need, and not waste it learning skills that won’t make a difference. If you are a driven person, you want to do everything. But a CISO doesn’t do everything. A CISO is a strategic position, not a tactical one. Therefore, many things will be delegated, and you will partner with specialists to stay in that strategic lane.

In this episode:

  • 0:04 Intro: What is The Life of a CISO Show?
  • 0:35 Today’s advice – Security is a business enabler
  • 1:30 The golden rule of security – If security hinders the business, then security is wrong
  • 2:37 Eric’s two rules
  • 2:46 Rule 1: If anybody comes to you with a new idea, you don’t shoot it down
  • 3:10 Rule 2: If you get put on a project, do anything possible to make the project successful
  • 4:00 Eric’s meeting with a CEO of the company
  • 5:15 Eric tells the CEO his two rules, and why they were successful in practice
  • 6:55 What are the skills that CISOs need?
  • 7:23 CISOs try to do too much and be the hero
  • 7:40 CISOs get too technical and not strategic
  • 8:03 The do’s and don’ts of being a successful CISO
  • 8:29 Skill 1: Communication and presentation skills
  • 9:27 Adapt your communication style to your audience
  • 9:34 To communicate with end users, make it personal.
  • 9:58 Security engineers want to do their job more effectively
  • 10:20 Executives want to understand key strategic questions to ask to minimize breaches.
  • 11:05 Communication means listening more than you speak
  • 14:08 The cell phone test
  • 15:49 Know how to run a meeting
  • 17:43 Skill 2: Outside the box thinking.
  • 19:25 Big budgets do not necessarily mean better results
  • 20:36 Skill 3: Understand the business and have an understanding of finances.
  • 22:40 Skill 4: Strategic planning