In a recent interview with CSO, Snehai Antani, CEO of Horizon3, emphasized the importance of how Chief Information Security Officers (CISOs) communicate with their co-executives. Antani advised that CISOs should shift the focus of their discussions away from technologies and instead concentrate on outcomes that are strategic to business success, such as business continuity, risks, and risk mitigation. By doing so, CISOs can better align their cybersecurity efforts with the overall goals of the organization.
One way to raise a CISO’s profile and foster better communication within the executive team is through team-building retreats. These retreats are not the traditional “retreat from the fray” type, but rather engagement-focused events. Many companies already invest in team-building activities, recognizing that shared experiences help individuals get to know each other better and improve collaboration. For CISOs, participating in these retreats can be an opportunity to build trust with their fellow executives.
Mitch Simpson, an industry expert, shared his positive experiences with executive retreats that involve activities like Myers Briggs tests, which help participants understand each other’s communication styles. He stressed the importance of face-to-face interactions with fellow executives, as it not only builds familiarity but also fosters trust. CISOs should actively seek invitations to these retreats and seize any opportunity to expand the scope of their cybersecurity advocacy.
Another crucial aspect for CISOs is constantly demonstrating their value to the company. Manny Rivelo, CEO of Forcepoint, emphasized that CISOs should highlight how their teams contribute to increased productivity, return on investment (ROI), and compliance within the organization. CISOs hold significant responsibilities and should be held accountable for their actions. However, they also require appropriate resources and support from the organization. Just like the Chief Financial Officer (CFO), the CISO should engage with the C-Suite executives and be treated equally.
It is worth noting that CISOs who feel undervalued, unappreciated, or overwhelmed by stress are more likely to leave their positions. As highlighted in a recent report, CISO burnout has led to high turnover rates in the cybersecurity industry. The well-known Kenny Rogers song lyric, “You gotta know when to hold ’em, know when to fold ’em,” rings true for both CISOs and organizations. Boards should consider the negative ramifications of neglecting the CISO’s role within the executive team, as it can have detrimental effects on the company and its overall business objectives.
In conclusion, effective communication is vital for CISOs to establish their role within the executive team. By shifting the focus from technology-centric discussions to outcomes that align with business success, participating in team-building retreats, and constantly reiterating their value to the company, CISOs can elevate their profiles and contribute more effectively to the organization’s cybersecurity efforts. It is crucial for organizations to recognize and appreciate the importance of cybersecurity leadership in order to create a secure and resilient business environment.