Although many security leaders have a C in their title, not all are true capital-C “Chiefs.” Here are three ways to live up to the job description.
Many security and risk leaders have an uppercase “C” in their title, but there is nothing “Chief” about them. They are executives in title only, and — just like the bottom three finishers in English Premier League soccer — these security leaders face relegation. For Americans, this is the equivalent of finishing last in Major League Baseball and having your entire team sent down to Triple-A ball. To be successful and to be taken seriously by their other C-level peers, chief information security officers (CISOs) need a different approach.
I’ve worked with CISOs for many years, and as an analyst with Forrester Research, I was in a position to give many of them security program suggestions and advice. Which, to be honest, always made me feel like a bit of an imposter (like that friend without children who gives parenting advice). But now that I am a CISO myself and spend even more time with my peers, I find that many CISOs are actually “cISOs.” After years of seeking to be elevated to the C-suite and get in front of the board, now given the opportunity, many CISOs are struggling with the transition.
Combining my years of experience as an industry analyst with my perspective as a CISO, here are three recommendations for empowering CISOs with a capital C.