Dolberg and Gardner revealed five secrets of high-performing CISOs at the RSA Conference 2017 in San Francisco. Below is a summary from their talk:
At RSAC 2017, Stan Dolberg, Chief Research Officer of the Institute for Applied Network Security (IANS), and its CEO, Phil Gardner, urged CISOs to evoke the 'Do the right thing' ethos of enterprise security. "You must lead your organization to adopt safe business practices," said Dolberg.
Secret #1: You have to lead without authority
There are lucky CISOs who are welcomed into an organization that already has a strong risk culture and risk-aware management. For the rest, information security professionals are handed the keys with only a few resources. These CISOs have to rely on the tools of influence, persuasion, negotiation, conflict management, communication, and education. Additionally, they must possess two qualities in order to excel at information security leadership: technical excellence and proactive organizational engagement.
Secret #2: Embrace the change agent role
Information security is not a feel-good role. If CISOs are to get the business to adopt safe practices, they are going to make ripples from the top down and from the bottom up. By embracing the change agent role, they will be able to understand and process the conflict and resistance that are a natural part of the job. According to data from IANS, 3 out of 4 high performers proactively engage with stakeholders at all levels.
Secret #3: Don't wait to be invited to the party
Organizations do not automatically know how InfoSec should be woven into the fabric of the business. According to IANS, 51% of high-performing CISOs run simulations with the business folks to generate the emotional experience of loss and compromise.
Secret #4: Build a cohesive cyber cadre - not just a team
High-performing CISOs patiently assemble a team of great people. However, if you want to scale your team, you have to develop your people in three areas: technical depth, business knowledge, and interpersonal skills. To go a step further, CISOs deliver a consistent approach and a consistent message to all stakeholders. According to data from IANS, 84% of high performers have the right people and are on the right path to building a cohesive team.
Secret #5: It's a 5 to 7 year journey to high impact
CISOs typically take half a decade or more to build trust, develop programs, and demonstrate the value of their information security teams.
To learn more about high-performing CISOs, listen to the complete RSAC presentation here.