How to bridge the gap between cybersecurity and executives

This episode of Life of a CISO is all about communication between executives and security engineers. As a CISO, you must be able to speak to both. You don’t have to be a 10 out of 10 at both, but you do have to be good at both. A comparison I make is to a baseball player, who must know how to hit the ball and field the ball in order to be a great player. A security engineer who is specialized in one area does not always make a great CISO, and for that matter, an executive who doesn’t know cybersecurity won’t make a good CISO either. But if you have the flexibility to do both, you will be a world-class CISO. To be a CISO, you must communicate with executives in a language they understand, which is numbers and money! You say “there is an 80% chance that hackers will cost you a million dollars, or you can give me $200K to fix it,” not “there’s a very high chance something bad will happen.” You can tell you’re doing well as a CISO if executives look forward to meeting you. If they don’t, get up the nerve and ask what you’re doing wrong.

Show Notes:
0:34 Mindset coaching: If you were brought up on charges on whether you were a world-class CISO, would you be guilty?
2:25 A CISO must be great at 2 things: cybersecurity and business
4:08 Baseball player analogy
4:45 The pitcher is a specialised position
5:36 A great specialist doesn’t make a great CISO
7:45 Most people who get into CISO positions are only great on the security side
9:49 Are you effectively communicating with the person you're talking with?
11:55 Treat people the way THEY want to be treated
12:32 The longer you’re a world-class security engineer, the harder it is to become a great CISO
14:25 “Is that what you want to do?”
16:19 “Are you willing to learn a whole new discipline?”
18:19 If you’ve come out of business school, why switch to cybersecurity?
19:05 Speak to executives in their language
20:58 The 4 things executives care about:
21:20 What could happen, 80% chance of it happening, it would cost $1M, or pay $200K to prevent it
21:59 Executives may take that risk
22:42 Executives want numbers, not adjectives
24:58 Executives will see that the CISO presents recommendations that are right
27:15 How often do you talk to executives?
28:00 How long is the meeting?
29:49 If you’re not world class, and you don’t know why, ask questions


About Dr Eric Cole
Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness and a 2014 inductee to the InfoSecurity Hall of Fame.

