#Infosec2024: Experts Share How CISOs Can Manage Change as the Only Constant

A blend of technical, personal, regulatory and risk management skills is critical to helping the modern CISO succeed at a time of continual change and mounting pressure, security leaders have argued.

Speaking on the third day of Infosecurity Europe today, former Trainline CISO, Munawar Valiji, argued that the role has evolved significantly over the past decade.

“The job has got interesting because technology is less a part of the conversation than the hearts and minds and emotional connection – the engagement with people,” he said. 

Valiji explained that getting the buy-in of “prickly” editorial executives during a previous role at News Corp was emblematic of the kind of interpersonal skills now required of the CISO.

“Fast forward 10 years and it’s exactly the same conversations. The only difference is the stakes are much higher,” he continued. “You’re going to have to do GDPR and PCI [DSS], you’re going to have to work in a high frequency, low latency change environment. But you’re going to have to do that with a lot less budget than you did 10 years ago because there are conflicting priorities.”

University of Manchester CISO, Heather Lowrie, added that whatever the budget, demonstrating return on investment (ROI) and prioritizing available resources are key. She also cited the ability to manage change effectively as essential.

“It’s about being able to manage risk in complex, dynamic environments that are constantly changing,” said Lowrie.

“To work in this role, it helps to be comfortable working under conditions of uncertainty … and working with business partners to prepare them for what’s coming down the line in six months, one or three years, having that strategic outlook. What does the threat landscape look like? What do we need to be prepared for in terms of changing regulatory and threat environments?”

This blend of technical and business awareness is also important to ensure security teams are performing at their best, the panel agreed.

“It’s so important to relate everything our teams do to the mission of the business we’re there to support,” said Lowrie. “It’s also about being able to zoom in and zoom out – to support your team operationally … but also see the bigger picture and translate and relate that to your team, so they can be part of that as well.”

Having the right tools and processes will help here, but it’s also critical to be there to support the team, both emotionally and strategically, added Valiji.

“You need to stand with them. Some of that is giving them air cover and some of it is giving them time to stop and think – giving them that breathing space,” he noted. 

“Because if you slow down and step back, you get a chance to think, decompress and maybe have a different perspective on things – which generally helps the outcome.”
