The CISO role continues to earn a lot of attention.
Not all of it is positive.
One perspective is that each CISO needs to be doing a better job of defining the success of the Cybersecurity function for their organization.
Another perspective is that organizations are failing to understand (as quickly as necessary) their Cybersecurity Risk profile.
One could go so far as to say that the CISO role is 50% about doing what’s in the job description and 50% about managing the perception that what’s being done is necessary.
Whether you agree or disagree, the point is, CISOs need to be their own PR.
Steps to Define Your Success
Just like every company is different, so is each CISO role. The first thing to know is that success is as much a perception as it is a measure of performance. Importantly, success in your current role is measured based on the CISO’s expressed definition of success for the security program.
And if you’re the CISO, this is good news! Start by defining (objectively, of course) what success looks like for the Cybersecurity program at this company at this time.
Define Objective Benchmarks
As an executive department head, it’s within your remit to define the appropriate objective benchmarks. Then it’s your responsibility to manage the perception of performance against those benchmarks.
- Keep them tangible.
- Relate them to the work being performed in the BAU (business as usual).
An example of this is to define a metric such as: respond to 80% of high-risk third-party findings within 180 days.
Success is shaped by how you are perceived to ‘improve’ the environment.
- Are you building a strong culture within your cybersecurity team?
- Are you taking the time to be a mentor?
These perceptions are more subjective but equally important.
Success for a CISO is measured by how achievements align with organizational goals. And how fortunate that you, as the CISO, get to define these objectives! This also has a secondary benefit: you’re naturally more likely to achieve success when you know what success looks like. So define it clearly!
Report (and measure) Your Performance
At the core of the CISO role is measuring and reporting technology and information protection performance metrics to the organization. It’s natural for the CISO to measure performance against benchmarks.
Do the same thing for your role. Be the first to evaluate your success. Don’t wait for (or rely on) others to say ‘great job’ as a measure of your perceived success. Say it first and say it loudest.
Remember, the bar for someone else to say you did a great job is much higher than your threshold to declare success.
Be Noticed by Others
Success is not just about achieving your self-assigned goals. You’re part of the executive team of the company, and being a valued part of the team is part of the job. You can’t ignore how others perceive you.
The first step is visibility – people need to know who you are. (This means being ‘popular’ at work before being popular about your work.)
When you cross paths with someone new, introduce yourself. Share your role, how long you’ve been there, what you’re currently involved in, and connect your role with theirs.
Building a positive perception involves simple yet impactful actions like:
- Greeting colleagues
- Expressing gratitude
- Solving problems effectively
- Reducing friction
- Offering constructive feedback
- Showing genuine appreciation for a job well done
These actions create a positive work environment and enhance your likability. When colleagues and stakeholders like you, others will often perceive you as a successful CISO/leader.
Finally, observe how people support you when given the opportunity. For example, notice how your team and other stakeholders react when you propose a new cybersecurity initiative or control improvement. If they actively engage and offer constructive feedback (they don’t have to immediately agree), it demonstrates their trust in your leadership.
This kind of support, especially when it requires cross-departmental collaboration, highlights your positive impact on others, indicating your success as a CISO.
Find Your ‘Success’ Formula
You are the one responsible for your success as a CISO at your company. Period. Sure, there are a lot of challenges and hurdles, but they are your puzzles to solve and overcome.
Begin with how you define and assess your achievements and then extend your reach to how others perceive and support you. Understanding these aspects of success is crucial for any leader, especially in a field as dynamic, integrated, and business-critical as cybersecurity.