All three are CISOs in one of the world's most attacked sectors: healthcare.
All three of our CISOs entered cybersecurity via IT. Dougherty had led the creation of an MSP where he became VP operations.
This is a recurring theme in this series of CISO conversations - career progression is often self-initiated: see an interesting gap, step up, and fill it.
The route now is from team member to team leader to manager and - if you tick all the boxes - eventually to CISO. This process naturally teaches management skills - but the CISO also requires exceptional leadership skills.
Most CISOs believe you can also learn leadership skills, but this comes from desire, the advice of mentors, observation of other leaders, and a smidgen of natural charisma.
Obviously, there are certain people who have natural charisma or natural leadership skills that they are born with, but a good leader must spend time focusing on those skills.
Key to being a successful CISO is the ability to recruit and keep - gain and retain - a strong, well-balanced security team.
Different CISOs develop their own methods for recruitment.
All three CISOs take the same approach to keeping a strong team.
Team members stay on the team if they are interested, engaged, have a sense of purpose and fulfillment, and a clear career path.
In some cases, particularly with people who are newer to the industry or new to the role, that person might not know where they want to go.
It includes race, socio-economic background, culture and LGBT. Full diversity is difficult for smaller organizations because the security team isn't large enough to include everyone - and CISOs must choose the best person regardless of background.
Each of the CISOs would welcome neurodiversity into the mix.
Some of the neurodiverse people I've worked with have been incredibly good at data and math and statistics.
There is generally less external company support available, and the CISO must be self-disciplined to prevent personal burnout.
We think that's important to allow people to take time off to refresh and come back as their best self.
Dougherty cites two pieces of advice: never stop learning; and surround yourself with people you believe have the potential to be better than you while giving them the opportunity to be so.
A good CISO will lead a strong, diverse, and healthy team for one primary purpose: to prevent cyber threats impacting the company's bottom line.
The hardest thing to do is to design systems that allow people to get their work done, while at the same time preventing them from making mistakes.
Human error with the best intentions from people who were just trying to do the right thing and get their job done within a system that promotes productivity but doesn't catch those errors - that's the biggest threat.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 05 Dec 2023 13:13:05 +0000