By Michael Hill
UK Editor, CSO
The job of the CISO can be tough with its share of challenges, difficulties and complications. A CISO’s trials and tribulations include responsibility for protecting a business’s most valuable asset (its data) from an evolving cyberthreat landscape, traversing complex and strict regulatory requirements, balancing security with critical business needs, and juggling a security skills and talent shortage.
These are just a few of the things that keep CISOs up at night. However, it is far from all doom and gloom. There’s plenty to be optimistic about if you are building or seeking a career as a CISO. Here are the seven best things about being a CISO according to those currently in the job.
Lena Smart, CISO at MongoDB, tells CSO that the best and arguably most important part of being a modern CISO is the seat you have at the table and the weight your insight and expertise have on running a business. “Executive teams and board members today understand that security is a priority and value your counsel at every level of decision making. They also support you in your programs and initiatives within the wider organization. Or at least, this is how it should be.”
Dave Stapleton, CISO at CyberGRX, agrees, adding that, for CISOs who want to feel like they are a critical part of the solution, the role can put you front and center as an integral business partner.
“Many enterprises are now beginning to both understand and respect the security function in ways that they didn’t in the past,” adds Sarb Sembhi, CISO at airspace control and protection company AirEye. “I’d like to think that we are more liked and less feared than we used to be.”
As they become key players in wider business matters, modern CISOs can develop their credentials and knowledge beyond hands-on security skills and abilities. “Our role is continuously expanding,” Smart says. “Today, I am also responsible for governance, risk and compliance, which opens up more avenues into setting a cohesive plan and strategy for security and risk management that impacts the whole business,” she adds.
“The modern CISO can make use of a wide range of skills, beyond technical cybersecurity, and explore more areas of interest within the business,” Stapleton agrees. “As the cybersecurity landscape is constantly changing, there are always new and fascinating topics to dive into, so a CISO is never bored.”
“The Disabled CISO,” the Twitter handle of an anonymous CISO of a global company, tells CSO that security now touches every part of the business, driving CISOs to positively engage with and learn from all corners of a company. “I love getting out and joining colleagues at the coalface. To protect the business, I need to understand how we operate and the challenges that presents to colleagues. Getting out and about also gives me exposure to so many different areas that over my 20-plus years I have learnt so much about other disciplines such as HR, finance, legal, construction, and marketing,” they add.
For Runli Guo, CISO at transportation management platform and marketplace Gett, the chance to immerse herself in a role that allows her to bring about change is a key advantage of being a modern CISO. “I see myself as a transformational CISO – a problem solver, an optimizer, and a silo breaker,” she says. “I can’t see myself being in any role that would limit me to a particular project or repetitive tasks. If you enjoy solving complex problems and constantly improving things, this is the role for you.”
Guo adds that she views life as a journey of self-improvement, which also plays into the nature of her job. “I see being a CISO as a way of learning, growing, and making an impact on my organization and society in my own way by advocating what I believe in and by giving back my time and resources to support others.”
Canon Europe’s Director of Information Security Quentyn Taylor concurs. “I like solving problems and solving puzzles, and I believe that being a CISO is probably the ultimate puzzle. The infosec function is very new and is still finding its feet – some say this is a challenge as the road map is not as well defined as it is in other areas. However, for many, including myself, it is a huge opportunity to walk your own path and to draw your own map. While some people clamor for a boring life and dread living in ‘interesting times,’ life of an information security professional is quite the opposite – and this is something I thrive on.”
Guillaume Ehny, CISO at FinTech Kroo, tells CSO that CISOs have the power to change mindsets about security to benefit the sector. “As data breaches and compromises are making the headlines more often, we have been slowly moving towards a culture of sharing rather than blaming a victim for not doing enough and presenting them as a scapegoat. The industry is becoming more open on the topic and emphasis on a sharing culture is the direction of travel.”
Erhan Temurkan, CISO at FinTech Bink, adds that CISOs can help this shift extend into people’s personal lives too. “This can be truly rewarding, particularly at the people level when employees feedback how security maturity has not only improved at work, but they’ve also taken it home to educate family members as well.”
As cybersecurity becomes an important priority for many companies, CISOs are finding themselves in demand, often with many opportunities available to them. Kunjal Tanna, cybersecurity recruiter and director of LT Harper, sees this firsthand. “The CISO job market is buoyant at the moment,” she tells CSO. “Things that are attracting job seekers are, first and foremost, flexibility. Most CISOs feel that their job can be done equally well in an office environment or at home although the vast majority of them prefer a hybrid working model.”
Tanna says she is yet to meet a CISO who says they are looking for an easy ride in their new job, and they all want to be presented with challenges and also to be rewarded and recognized for their success. “That reward isn’t purely monetary. Of course, a competitive salary is going to be a huge differentiator between one opportunity and the next, but things like knowing that they have the support and backing of the board matter a lot.”
For Smart, it is important to be a strong female leader in an industry that is still trying to increase its diversity and underrepresented talent. “Being in the position I am, I get the opportunity to use my platform to move not just the industry forward from a diversity and hiring standpoint, but I also get to mentor and encourage those who never saw security as a field for them.”
MongoDB’s Security Champions Program is one initiative that she is particularly proud of, Smart adds. “It lets me bring this passion for diverse hiring to my job every day. For example, since it launched last year, we have brought five individuals into our team who expressed an interest in security and are now working fulltime for Team CISO.”
This is also important to Jitender Arora, Deloitte North and South Europe CISO. “I value opportunities to engage with schools to attract young talent into technology and cyber. I also enjoy working with non-profit organizations to mentor refugees as they re-enter the workplace and sponsor people early on in their careers to build the future talent pipeline.”
Since the pandemic and remote working, mentoring programs and opportunities to support students and newcomers in the industry have become a lot more accessible, adds Ehny. CISOs have new opportunities to help the industry grow and actively engage in shaping its culture.
Arora says he loves his job because it is both meaningful and aligned with his purpose of creating a positive legacy. “Cybersecurity is still a relatively young profession compared to many others, and there is still a lot to do in getting organizations and society thinking and actively doing more to protect themselves from would-be hackers.” There is a genuine sense of pride in enabling businesses and defending organizations against cyberthreats, he adds. “The security community is working hard to protect organizations, critical national infrastructure, and critical services like hospitals and banking…it’s all about leaving a positive legacy behind.”
This resonates with Guo, too. “With the trend of the ‘great resignation,’ a lot of people are rethinking their career choices when they realize that work is such a major part of our lives. Unless your work gives you a sense of purpose, it’s difficult to sustain your motivation over a long period of time. Working in cybersecurity is impactful and fulfilling because it gives us a sense of responsibility.”
This takes on even greater significance for Temurkan given the global importance of cybersecurity. “The very nature of cybercrime is borderless, therefore maturing the security postures of organizations has an impact on reducing global cybercrime.”
As much as he likes technology and what it can do for himself, businesses and the world, Sembhi says the best thing about being a CISO is the good, caring people in and around the industry. “Security people in particular are some of the most genuinely nicest and caring people I’ve ever met,” he says.
CyCognito CSO Marie Zettlemoyer echoes similar sentiments, adding that while the role can involve long nights and exhausting experiences that may make you feel isolated, the security community is amazing at locking arms together and sharing experiences and learnings. “We can arm each other with best practices to not only defend and protect our organizations, but to also protect our own health and well-being,” she tells CSO.
“It’s truly the people that are the best part of this job and the CISO community as a whole, where we are all invested in the success of each other and the security of those we protect,” adds Zoom CISO Jason Lee.
Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security.
Copyright © 2022 IDG Communications, Inc.