The changing skillset of the CISO
A CISO is not just a technical guy. Yes, not just a guy. More and more women are becoming CISOs and DPOs too. When interviewing several Belgian CISOs, I asked their opinion on this evolution. The answers were unanimous: the increasing necessity of soft skills.
The importance of soft skills
For a long time, the task of the CISO was to ensure that all security controls were in place. In the meantime, this has become an old-fashioned interpretation of the CISO profile. As you know, security is only as strong as its weakest link. It needs to be in your company’s DNA. That is why today’s CISOs must be able to engage the entire company, from the application developers up to the end users and the board. This requires insight, empathy and patience, as well as leadership skills, as you need to direct more people than just your team.
These soft skills are actually strong skills nowadays. A combination of those and technical expertise is hard to find. That is why today there are already CISOs without technical skills. The IT team members can partly take care of those while the CISO tries to persuade the co-workers of the importance of cybersecurity. Delivering your message in a simple and understandable way, customized to each co-worker, is crucial in order to get them engaged.
Proving ROI to the board
As mentioned above, CISOs need to persuade the employees of the importance of cybersecurity. All employees, including the board. Companies need management with oversight and accountability in this area. Security is something that has to be built in. That is why aligning your people, process and technology is essential. If you don’t know your cybersecurity maturity level in these three areas, then it might be worth considering a Security Maturity Assessment.
This document might be very useful to prove the ROI of your security strategy. When reporting to the board, you must take the following into account:
- Translate technical risk into business risk and potential impact
- Justify new security investments in line with the business goals
- Have a single view on the company’s security status, combining on-premise, cloud and endpoints
- Show compliance to auditors
There are other useful tools available to help you report this ROI to the board. SecureLink specializes in creating customized Security Dashboards and Reports. We can provide packages that contain predefined dashboards and reports, and we can customize them to your business goals when required. To do so, we collect the relevant information from our security solutions, integrate it into a single platform and build real-time dashboards on top.
If you want more information on a (customized) security dashboard, the Orange Cyberdefense Security Maturity Assessment or more, please don’t hesitate to contact us.