
6 Qualities Of An Awesome Chief Information Security Officer


An awesome Chief Information Security Officer (CISO) is a highly sought-after person, largely because the role combines a unique mix of good technical skill and good management skill with good attitudes and behaviours.


Here are six qualities we believe make up an awesome CISO:


Friendly & Approachable - should be warm and approachable, listen closely and be ready to speak with anyone in a friendly manner. When something big happens, staff shouldn’t be afraid or feel judged when approaching their CISO quickly about it.


Speak the Language - lives and breathes the daily battle against attackers from all sides. They hire the best and brightest, from auditors to technical penetration testers, and they understand their language. They give them the support and tools they need to do their jobs successfully. They also communicate regularly with the senior leadership, providing actionable metrics and summarising key risks. They are a direct speaker, open and honest with all they meet.


Aligns with Business Goals – understands that their role is not to control the business but to enable it to do the right thing from a security perspective. Good CISOs align their programs with the mission, values and purpose of the larger organisation and understand how to communicate with business leaders in ways that enable those leaders to make effective decisions.


Patient - recognises change takes time and is resilient and persistent in supporting that change. Changing everything in an organisation, from its risk management and security culture all the way down to its operational processes and code, takes years of patience and a little bit of cunning.


Talent Scout – has a full understanding of the skills needed to get the job done, but recognises they won’t have all the skills themselves. Reliance on, and delegation to, a skilled team become important. A CISO isn’t afraid to hire more technically talented people and empower them to do the right thing.


Risk Driven – not compliance driven, they are in touch with industry direction and have the ability to translate it into business impact and requirements in a simple and safe manner. They are always thinking about and prioritising business risk.


Questions your C-Suite should ask your CISO – Are you visible, friendly and approachable to staff? How does your activity align to business objectives? Are you developing the right talent?
