What is the most important advice you can give the next generation of security professionals and CISOs?

SVP, Chief Information Security Officer in Education, 2 years ago
Context is important. The path that one takes to being a CISO is very relevant and there are generally two paths. One path is to come up through the technical ranks. You understand technology at a certain level and you grow into management before ending up as a CISO. And the other path is to get your MBA. Among the MBAs that end up as CISOs, you’ll often find that they have never done security work hands-on, but they’ve gotten into that role because it has become far more business-centric than what it once was. I'm not saying either path is better or worse. They just come with different perspectives. I've met peers that couldn't break into something if I did it for them, but they're CISOs. And then I've met CISOs that come from a technical background and couldn’t talk to a board of directors if their career depended on it.

A good balance of both technical skill and business acumen is what a CISO needs to succeed. You have to earn the respect of your cybersecurity rank and file, but you also have to be able to translate technology talk for the board and C-suite. You have to speak their language and that doesn't come naturally; it’s something you have to learn. Some CISOs see themselves as pure business people and will never have the respect of their actual cybersecurity ranks. But that's a mistake, because in the face of a real emergency, those people won’t be that effective. So my advice is: don't limit yourself in terms of your perspective. It's great to have the business perspective, and it's great to have the technical perspective, but this role is unique in that you need both.
CISO in Healthcare and Biotech, 2 years ago
Be curious, be emphatic, lead with the "why" and never say "no", only "maybe...if the risk can be minimized or the right controls are in place."
CIO/CISO in Healthcare and Biotech, 2 years ago
Focus enough time on learning to translate the technical aspects of what you do (using risk as the key arbiter) into language that your C-Suite peers and board members can understand. The technical controls have become much more mature in the past 5 years; the real challenge is preparing to talk on the same language level as your peers in other business units.
CISO in Software, 2 years ago
Always have a training and growth plan with dedicated time allocation and structure to stay current on trends, technologies and processes.
CISO in Finance (non-banking), 2 years ago
Don't be afraid to fail and truly learn from those experiences.
