Since the Chief Information Security Officer (CISO) role emerged in the late 1990s, the job has become vastly more demanding and complex. This is thanks to a rapidly evolving cybersecurity landscape, new global threats that constantly arise, and increasing regulatory focus on cybersecurity from both private and public sectors.
Expectations for the modern CISO have long gone beyond the traditional aspects of IT governance, risk and compliance. Oftentimes, CISOs are also required to interpret the Board’s business goals and translate them into practicable, risk-balanced implementations that empower the achievement of strategic and operational excellence outside the purview of IT domains. The question is, against the backdrop of this demanding landscape, how can CISOs stay relevant?
GET THE PRIORITIES RIGHT
To do well in a competitive, resource-tight business environment, the CISO’s ability to balance corporate risks based on specific business needs and to prioritise IT security needs is key to ensuring that IT security budgets are targeted, relevant and sustainable.
ADD VALUE TO THE BUSINESS
CISOs often play a pivotal role in bridging the gap between traditional IT departments and the rest of the business. It is therefore important that CISOs have a good understanding of how they can add value to the business at large while enabling innovation and advancing operational efficiency.
BE THERE FOR YOUR PEOPLE
There is no doubt about it – the cybersecurity landscape will be different one year from now (if not sooner), and every other year as well. Thus, rather than drafting policies behind closed office doors, it is more critical for CISOs to be proactive in leading their staff through changes, and “walking the talk” alongside them to solve challenges.
MAKE LEARNING A COMMITMENT
As a CISO, the impetus for continuous learning cannot be over-emphasised. Staying ahead of technological advancements and developing strong people skills are important competencies for a CISO to perform well. In addition to technical skills and knowledge, CISOs also need to acquire critical skills in business and communication domains to work effectively with diverse stakeholders across the organisation.