Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid

Whether they're earned or not, there are certain stigmas associated with chief information security officers: They work in isolation, with only a vague sense of how various departments contribute to the organization's greater good. Does this describe you and your team - even just a bit? Or more so? If you concede that it does, that's a good thing. Improvement requires change, which is sometimes uncomfortable, because change starts with you. For CISOs and their teams, that means transforming into ubiquitous advocates for cybersecurity - and then leading the transformation for everyone in the enterprise into advocates for the same. CISOs will thrive within this change by focusing on input, empathy, and alignment. This will enable lasting success for the shift by allowing CISOs to fully identify and understand information asymmetries throughout the organization and then remove them to clear the path to optimal communications and awareness. Assigning Tasks to the Wrong Subject Matter Expert CISOs are responsible for an extremely wide scope and frequently deal with high stress - but are consistently biased toward taking action themselves. They lead the organization well, but at times miss opportunities to leverage SMEs' soft skills to optimize resolution. As leaders, it is necessary that CISOs remain cognizant of the balance between SMEs' skill sets, shared values between them and the target organization, and the true goal of this collaboration. The solution requires raising engagement between security and the enterprise across the board, building relationships that ensure the right expert is assigned to the right issue to give the right support. CISOs must rely on the people around them to truly know what is going on. By interfacing with external teams, CISOs create contacts that result in the effective ingestion of information and the proper application of personnel and responses to the information. Failing to Tie Actions to Organizational and Business Goals If CISOs don't connect their work to broader goals, it's pretty much impossible for non-IT managers and employees to appreciate the value of their actions. CISOs know why certain controls and responses to threats are needed. They can never assume those outside their team do. Because I've invested that time - to find out what they do every day, along with their strategic goals and challenges - I gain their trust in myself and my team. Executing Without Making Broad Impact I push my team members to constantly ask themselves: "Am I implementing a fix that benefits people outside our team? Or am I just trying to make my own life easier?" Obviously, we seek to achieve the former and avoid the latter. "Everyone has a plan," boxer Mike Tyson is credited with saying, "Until they get punched in the mouth." If we work within security silos - isolated in our knowledge, dogmas, and execution - every security issue is like the first time in the ring, and we consistently take punches that we have little understanding of how to handle. If we proactively pursue empathy and alignment as part of our core values, we gain a level of trust that builds pathways throughout the enterprise. Subsequently, we can remove those informational asymmetries, elevate the conversation across the organization, and lead strategically.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid

Proofpoint's CISO 2024 Report: Top Challenges Include Human Error & Risk - In Proofpoint's 2024 Voice of the CISO report, the cybersecurity company found that CISOs are dealing with people-centric threats more than ever. Plus, cybersecurity budgets often don't change, and AI can help and hurt CISOs' efforts. Regarding the ...
4 months ago Techrepublic.com
Human error still perceived as the Achilles' heel of cybersecurity - While fears of cyber attacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape, according to Proofpoint. CISOs' confidence is ...
4 months ago Helpnetsecurity.com
How the Evolving Role of the CISO Impacts Cybersecurity Startups - It helps startups striving to meet the ever-evolving needs of CISOs, who are simultaneously seeking the elusive but paramount buy-in from business users and executives. The CISO role has evolved dramatically in the past few years in response to ...
10 months ago Darkreading.com
Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid - Whether they're earned or not, there are certain stigmas associated with chief information security officers: They work in isolation, with only a vague sense of how various departments contribute to the organization's greater good. Does this describe ...
10 months ago Darkreading.com
Navigating the New Age of Cybersecurity Enforcement - Many equate this move as akin to a bomb going off for people working in the CISO role. CISOs are now faced with unprecedented potential liability risks, prompting the need for a proactive approach to legal exposure for security executives. To shed ...
9 months ago Darkreading.com
Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships - In a recent survey of CISOs, 86% of respondents said the role has changed so much that it's almost become a different job altogether from what it once was. In addition to their traditional responsibility of defending organizations from an ...
9 months ago Darkreading.com
Security tools fail to translate risks for executives - Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, ...
4 months ago Helpnetsecurity.com
The New CISO: Rethinking the Role - Dating back to the 1990s, the role of CISO was more technical and IT-focused. CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection. Today, CISOs ...
6 months ago Darkreading.com
CISOs Reconsider Their Roles in Response to GenAI Integration - Chief information security officers face mounting pressure as cyberattacks surge and complexities surrounding the implementation of GenAI and AI technologies emerge. The vast majority - 92% - of the 500 CISOs surveyed by Trellix admitted they are ...
4 months ago Securityboulevard.com
Overtaxed State CISOs Struggle with Budgeting, Staffing - Though the number of scarily understaffed offices has dropped — just two respondents reported having one to five full-time employees, down from six in 2022 — more than half of state CISOs report that their staff lack the competencies necessary to ...
5 days ago Darkreading.com
Fewer cybersecurity professionals losing their jobs in breach 'blame' game - Cybersecurity job loss after a major incident is becoming less likely as organizations drop the "Blame" game for more practical approaches to breach prevention, a survey of 500 CISOs shows. More than 95% of CISOs reported their teams received greater ...
10 months ago Scmagazine.com
The Role of the CISO in Digital Transformation - Modern-day demands require organizations to be flexible and digitally savvy, getting work done remotely and in the public cloud as often as in a centralized physical location, if not more so. As companies continue to modernize their workflows and ...
10 months ago Darkreading.com
What do CISOs need to know about API security in 2024? - According to Postman's 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in ...
9 months ago Cybersecurity-insiders.com
What CISOs Need to Know About Data Privacy in 2024 - While consumers continue to demand stronger personal data protections, companies are scrambling to keep track of an ever-evolving patchwork of applicable laws and regulations. In this environment, cybersecurity professionals need to understand the ...
8 months ago Cybersecurity-insiders.com
The CISO Role Is Changing. Can CISOs Themselves Keep Up? - The role of chief information security officer has expanded in the past decade thanks to rapid digital transformation. Now CISOs have to be far more business-oriented, wear many more hats, and communicate effectively with board members, employees, ...
6 months ago Darkreading.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
4 months ago Feeds.fortinet.com
Why CISOs and CIOs Should Work Together More Closely - Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites. A ...
9 months ago Feedpress.me
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
9 months ago Securityzap.com
How CISOs Can Secure High-Level Executives: Keys to Consider - Securing high-level executives is a difficult task for CISOs for a number of reasons. Executives often have access to a large amount of sensitive data and play a critical role in an organization’s success, so protecting them from cyber threats is ...
1 year ago Csoonline.com
Most cloud transformations are stuck in the middle - The landscape of enterprise technology continues to evolve rapidly, with cloud transformation as a primary investment, according to HFS and IBM Consulting. Most organizations have not yet experienced tangible business value from these efforts. ...
9 months ago Helpnetsecurity.com
What Do CISOs Have to Do to Meet New SEC Regulations? - Ilona Cohen, Chief Legal and Policy Officer, HackerOne: It is never an easy time to be a chief information security officer, but the past few months have felt particularly challenging. The recent charges from the US Security and Exchange Commission ...
9 months ago Darkreading.com
Meet Your New Cybersecurity Auditor: Your Insurer - As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. Their coverage requirements and ...
10 months ago Darkreading.com
How to Avoid Falling Below the Cybersecurity Poverty Line - The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy ...
1 year ago Csoonline.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
8 months ago Legal.thomsonreuters.com
CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs' Evolving Role - Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing ...
8 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)