The CISO role may be one of the toughest out there. The CISO - and security more generally - are often misunderstood, undervalued, or perceived as at best a necessary evil. And the CISO job description is too often seen as a solely technical matter - ignoring the critical interpersonal and communication skills that drive CISO success.
That's a problem - especially given that IT security is - or should be - one of the top priorities of business.
But the increasingly negative news coverage on major breaches - and sense of pessimism about the inevitability of those breaches - makes the CISO's job that much harder.
That's why I found this article - What CISOs need most: Courage in the face of security nihilism - to be so valuable.
Simon Crosby says in the article, "I advise security executives to keep a level head and disregard the drumbeat of bad news — to keep calm and focus on strategic infrastructure projects. The InfoSec industry feeds on fear and hype. Security vendors, journalists, politicians — anyone seeking a click, a vote, budget, or selling something — benefits by exaggerating your perception of risk because fear sells."
I think that's great advice. Because - even for the best CISO - hearing nothing but bad news is going to take a toll.
And it's easy for every technology executive to ignore what's going on internally, and focus exclusively on the technical side of things. But that's just not enough for any technology executive - whether CISO, CIO, CTO, or either flavor of CDO.
Technology executives have to drive change - and have to communicate the value of that change, often in the face of either hostile or unclear audiences.
That's a key part of the CISO job description - now more than ever.
And - as Simon Crosby says - that takes courage. Because if other members of the executive team have fallen prey to the bad news - and feel that all they can do is wait for something catastrophic to happen - they're going to be even less receptive to the real investment that's critical to ensure maximum security in today's increasingly dangerous security landscape.