A successful CISO’s toolkit contains equal parts business acumen and technical cybersecurity expertise.

 

This presents a problem for many cybersecurity professionals looking to climb the organisational ladder. They are undoubtedly experts in their highly technical fields, but they will have to learn key business skills in order to proceed

This personal cultural change can be challenging for any budding cyber leader. Learning new business skills is highly nuanced, not much like the cut-and-dry nature of simply gaining another certification. And the move towards the often uncertain worlds of finances, people, and politics can be quite the jump from the relative straightforwardness of technology!

So let’s explore how tomorrow’s tech and cyber leaders will need to adapt in order to achieve an optimal balance of technical skill and business acumen.

(Disclaimer: Yes, sometimes cyber leaders come from a GRC or legal background and those leaders may be more au fait with business. But they have their own set of challenges to get to grips with – this one’s for the techies!)

 

The Easy Bit for Many: Technical Cyber Expertise

 

Many cyber leaders who have risen through the ranks will have had significantly more experience in cyber and tech than in business leadership. But they are living proof that a balance between the two is achievable!

Some of the most effective CISOs I know come from technical background .They fully understand the technical landscape. They’re able to understand how emerging threats function. They are able to read technical reports. They can develop and implement strong, highly practical security initiatives. They can liaise with technical systems architecture and engineering teams without needing a translator – and they know when someone is just trying to sound clever!

But the life of a cyber leader is often far removed from the techy life they were previously used to. Good cyber leaders need to fit cybersecurity efforts seamlessly into overarching business strategy. They also need to focus on how cybersecurity can be used to speed up innovation – rather than slowing it to a crawl for the sake of defences.

Essential Leadership Qualities for Cybersecurity Professionals

Strategic Business Thinking

Good cyber leaders need to be able to produce business-wide security strategies – and practical implementation roadmaps – that are fully aligned with business objectives. This requires a firm grasp on the business’s goals, priorities, and risk appetite; as well as a practical and strategic mind.

The higher up the ranks you climb, the more sway you will have over strategies and policies like these, and therefore the more business-wide lateral thinking you will be expected to apply. Enacting these strategies can also require a good deal of communication and project management skills too.

Communication & Interpersonal Skills

Good leaders are good communicators. It’s as simple as that.

Cybersecurity can be a bit of a hard sell sometimes. When you’re not trying to keep a cyber-sceptic executive on-side, you’re trying to get non-technical teams to adopt new, different, more secure ways of working. Both situations require you to clearly justify the benefits of your security approach, alleviate any concerns, and persuade people to stay on board with your security strategy.

However, the real cultural shift comes in regards to maintaining strong relationships with business executives and key stakeholders. Fostering a good relationship with leaders like these will help you:

● Achieve “buy-in” throughout the organisation’s various departments and functions.
● Understand other departments’ key functions and keep security firmly tethered to these practicalities.
● Align yourself with the various strategies, policies, and initiatives at play throughout the organisation.
● Secure resources and budget for measures that require financial and human resources.
● Adequately convey cyber risk and promote security initiatives to other departments.
● Effectively communicate and foster collaboration in the event of a cybersecurity incident.

 

Financial & Budgetary Thinking

As a budding leader climbs the ranks, they will be given more and more influence over finances and budgets. This requires new, non-technical skills like budget planning and allocation; conducting cost-benefit analyses; calculating returns on investment; and tying cyber initiatives to achievable goals and metrics.

Money makes the world go round, so any cybersecurity measures will largely be examined through the lens of capital. As a cyber leader, you will be expected to understand the financial implications of cyber threats, explore the full costs associated with a potential breach, and demonstrate how your strategy mitigates these risks without standing in the way of wider business goals.

Being able to conduct rigorous cost-benefit analyses is a non-negotiable skill for cyber leaders. Successfully doing so requires a firm understanding of the business’s finances, the security department’s budgets, and the business’s overall strategy.

Calculating a cyber strategy’s return on investment can be difficult. But with the right metrics and regular reporting, cyber leaders can demonstrate the ROI of security efforts and justify the impact of security spend.

Being an Ambassador for Cyber Initiatives

Cyber leaders, especially CISOs, should be vocal advocates for cybersecurity across their entire organisation. Ideally, they should be someone that people look up to and respect for their cybersecurity expertise.

Creating a strong cyber-aware culture is far easier said than done – and something I wrote a whole article about .

Again, communication is an essential skill here. Being able to communicate the benefits of cybersecurity (and indeed the benefits of your particular approach) is essential. A CISO I know had a great tip to share here – create elevator pitches. Whether it’s a summary of what you do, what your security strategy achieves, or a relevant part of cybersecurity that needs demystifying, using a pre-prepared 30-60 second spiel in response to a tough query can help you appear like a master communicator! Politicians do it (or at least attempt it) all of the time!

Awareness of C-Suite Politics

When you come within a certain distance of the C-Suite, you will need to maintain a certain level of internal political awareness. To succeed as a leader, you need to stay on a lot of people’s good sides; whether they are your subordinates, your peers, your higher-ups, or other key stakeholders outside of the org chart.

Internal politics vary wildly from organisation to organisation, so there are some areas of this journey you are going to have to scope out on your own. However, demystifying what you do is a key skill to have – as is demonstrating how you benefit that individual.

This may be as simple as going back to basics: how your input secures that person’s bonus, how your strategies have affected the company’s share price, how cybersecurity means that an individual now has more budget to play with, or how the cyber-aware culture you have built has helped the business to grow.

Team Leadership Skills

This one’s a bit of a no-brainer! If you want to be a leader, you’re going to have to be able to lead. But leadership is far more than telling people what to do.

If you’re already a leader, you will know that managing people can be incredibly stressful. There’s a lot of pressure and a lot of things happening outside of your control. Also, people leave jobs because of people – usually poor leaders. So you need to be a leader that people want to work for.

This can mean working on your emotional resilience, your relationship with stress, and strengthening your interpersonal skills.

Where Can Budding Cyber Leaders Start Building Business Skills?

Let’s examine some powerful ways to start balancing out your technical skills with business and leadership acumen. These are all great ways to grow as a professional and stake your claim within the tech leadership space.

Self-Examination

Knowing your strengths and weaknesses is important for any role. But being a good leader requires you to be incredibly self-aware. You need to be aware of which of your personality traits make you a good leader and should be encouraged, and what parts of you bring more harm than good in a leadership role.

Self-awareness itself is a habit that can be learned – and the more you become able to stop yourself from saying or doing something negative in the moment, the better.

A spot of self-investigation can also bring a lack of more tangible skills to the fore. Not sure how to network with C-Suite? Not sure how to handle difficult situations with team members? Not confident in your presentation skills? Create your own “curriculum” of things to learn and learn them.

If you’re open to the challenge of being the most learned, self-aware leader you can be, you’ll be in with a great chance of achieving it.

 

Mentorship, Networking & Continuous Learning

One excellent way of nurturing your inner leader is by seeking out a mentor. Someone who’s currently in a role that’s similar to one you have your sights on.

My advice? Mix in the circles you want to be in. Assess available networking opportunities through the lens of who is going to be there. What organisations are going to be present? Who seems useful to know in your corporate-ladder climbing endeavour? And who appears to be willing to take a fledgling leader under their wing?

But don’t be too picky here – if you fancy a jump to CISO, you don’t necessarily have to find a CISO as a mentor. Having a CIO or CTO (or even Chief Risk Officer) as your mentor can be just as useful because these are roles that the CISO commonly reports to. In short, they know what they want from a CISO, so their insight may be incredibly valuable.

 

Embrace Exposure & Collaboration

Forging a bit of a personal brand for yourself can also be incredibly useful. While you’re on the lookout for networking opportunities, see if there is any way you can get yourself in front of relevant professionals through speaking, collaboration, or just through regularly being in the same room.

Seek out like-minded security and IT groups and associations; you could explore membership, or simply make yourself available for public speaking and roundtable discussions. Put yourself out there as a knowledgeable, trustworthy person who knows the security industry and the challenges that security leaders face.

In order to get your voice out there in front of other security leaders, you might also want to seek out guest speaker opportunities on webinars, podcasts, and LinkedIn Audio Events.

Depending on your attitudes to social media, you may find it a useful channel to build community. However don’t feel tempted to sink all of your networking efforts into the likes of LinkedIn unless it achieves demonstrable results for you.

Maintain a Firm Grip on Business Trends

Great business minds aim to stay aware of any trends or changes that might impact business, so aim to do the same. This often means keeping an eye on matters far broader than mere business, including geopolitical situations, share price trends, political “kitchen-table” issues, and global news.

But moving back to the techy stuff, Even the most non-technical leaders are exploring things like using AI to their best competitive advantage. Could you be the person with their finger on the pulse of fields like AI/ML, quantum computing, or blockchain, ready to demystify them for the more business-focused people in your network?

Business-Focused Certifications

As you’re risen through the ranks as a techie, chances are you have a few tech-specific certifications under your belt. And now you’re climbing the corporate ladder, there are qualifications that can help you here too.

Most business and management certifications will help you achieve a good grounding in business fundamentals, strategy, and reporting. Earning qualifications like these also demonstrates to employers that you’re taking your pivot towards business seriously.

Taking this to its extreme logical conclusion would be to study for an MBA. I know CISOs who have taken this route and they describe having an MBA as their superpower because it fully equipped them with everything they could ever need to know about business. Though I admit, taking on an MBA presents a significant investment of time and money!

What Will Your Next Move Be?

Looking to explore your next cyber leadership role in the UK or US? Get in touch with the cyber leadership recruitment experts at Bestman Solutions. Browse our featured opportunities or submit your resume to info@bestmansolutions.com.

Back to Publications

More Publications

Were you aware of these Cybersecurity awareness days?

Read more

5 People-Focused Ways to Build a Robust Cybersecurity Culture

Read more

Bestman Solutions Sponsors Pulse Conferences’ 8th CISO 360 Global Congress

Read more