Interviewing CISO’s On Potential Pitfalls And How To Get Buy-in From The Board

Acumin – Martha Tonks
If we consider the CISO as the most dangerous job in security, what motivates people to take it on, and what is required to be truly successful in a senior management role in security?

“You’re a custodian, responsible for protecting the face of your business and trust of their customers as they engage with your organisation. It’s a tough job being a CISO if you compare to other roles in the business. You still have processes and programme delivery to manage whilst you are trying to stop people trying to hack you. Every day something different happens, it’s the variety of that type of role that is rewarding” – Bryan Littlefair

“With buy-in from the board you are able to do two things; Be a trusted partner to other executive decision makers in the business. Be a team ambassador – providing value for the business agenda. Without being able to foster a good relationship with the board the security team suffers, they can be limited by the allocated resource and budget, and feel like an undervalued silo not aligned to business strategy. This is where the reward for this job lies. Having the buy-in from the Board because you are trusted will add value to the business, and motivate the security team – this is what makes it worthwhile.” – Howard Pinto.

“Boards are now accountable for their actions personally, so managing security effectively has their interest piqued. This comes with a balance, as budgets for security increase, this invariably means another function of the business has less. With additional funding you have to deliver value, else it will not be awarded again.” – Howard Pinto.

“The challenge was going against the status quo when I joined Vodafone. The business had been around for numerous years and was of significant scale. Delivering a security process of that size and scale doesn’t come cheaply. We went from a team of 8-10 to a global team of around 700 security staff.

“Part of the challenge with board relationship management arrives when you are asking them to invest in security. It’s like asking them to take out an insurance. If you’ve invested in that insurance policy before something happens it will protect you. As Vodafone placed a lot of value in providing a great customer service, we had everything we needed to integrate a global cyber security strategy. This provides a different challenge in managing the board. We couldn’t go in and blame a lack of budget or limited resource for any ineffectiveness. You had to be sure of the strategy, and that you were approaching each stage of the process at the right time.” – Bryan Littlefair

CISOs face a potential pitfall as organisations wake up to a need for a significant cyber strategy – how that works with not only the board, but the wider executive team. It is important, and it’s a trap many CISOs and security teams can fall into – not being seen as the team that only becomes useful in times of crisis. Cyber security management has a much larger role in the organisation than being a foghorn for threat announcements, and the ways in which CISOs interact with other execs is significant.

One relationship that can hinder a CISO’s security strategy is that with the business’s CIO. In most businesses, the CISO reports into the CIO, or they interoperate to a significant extent. For many organisations, budgets and priorities between these two executive positions are not aligned. The ability for a CISO to collaborate is vital.

It’s clear the CISO has a great many strategies to consider, not least in managing internal relationships. Finding the right executive culture that recognises security strategy as integral to business growth is increasingly important, given the industry landscape of increasing regulations and diversity of threats.
Link: https://www.acumin.co.uk/news/interviewing-cisos-on-potential-pitfalls-and-how-to-get-buy-in-from-the-board/4927/

