The CISOs New Dawn

Chapter One

An Effective Security Leader - the year that changed it all

The Chief Information Security Officer's (CISO's) role has grown and matured fast from a standing start less than 30 years ago. Lately, this progress has accelerated. Recent events have thrust information security – along with CISOs, their teams and suppliers – into the spotlight, and suddenly cyber professionals have started getting invites to all the right parties.

But this ascent to mainstream business relevance, trust and recognition comes with several burdens – not least changing priorities, a need to develop or refine soft skills, and a host of fresh responsibilities and accountabilities.

To maintain effectiveness as an operational CISO is, under current circumstances, one of the most challenging responsibilities they face. Recent events, it seems, have added further challenges: embracing and adapting to new pressures, requirements and requests that stretch the CISO's traditional roles in several directions at once. This brave new world is one littered with personal, political and human challenges, as well as the technical ones.

In this chapter, the panel outline how their roles have changed over the last 12-18 months:

• Have your role´s responsibilities changed in the last 12-18 months, and have you been required to learn new skills?
• Have you needed to upskill around cloud security, device sprawl, RPA, AI, ML, Analytics, Threat Intelligence, etc?
• Have you had to increase your business skills and the impact you have on company achievements?
• Do you believe that your role will become more critical to your business?
• Do you believe your role has increased in EQ as well as IQ?
• What do you believe you need to improve to excel in your role?
• How could your peers and reporting line management help you succeed?

You can find the full report at the following link: https://www.f-secure.com/en/business/resources/an-effective-security-leader

You will be immediately notified as each of the following chapters is published.

• Chapter Two - A Reality Check
• Chapter Three - The Cyber Threat Surface
• Chapter Four - Cyber Triggers Influence Change

Research Methodology and Contributors

As the author of this research, SynergySix worked closely with the team at F-Secure who funded the report while all interviewees contributed on a voluntary basis.The qualitative interviews for this research have been conducted independently from the sponsors of the work. All editorial control  remained under the authority of SynergySix

Twenty-eight interviews were undertaken between July and September 2020. A total of 23 interviews were conducted one-on-one and five interviewees provided their responses via the qualitative questionnaire, all on a confidential basis. At no time was the sponsor aware of the full interviewee list. All call-out and respondent listing attributions were sought by the author following completion of all interviews. This approach was adopted to encourage candid contributions. The setup and questioning approach has been designed to avoid bias, and where there has been risk of bias, this has been explicitly discussed in the interviews. Only three of the interviewees were existing F-Secure customers at the time of the research.

Each interview lasted at least an hour, with most lasting around 90 minutes and many leading to follow-up conversations to discuss the conclusions of the research.

The cohort of interviewees were approached based on their depth of expertise and were selected to build a balanced set of inputs.

SynergySix or the author Kevin Bailey had no commercial connection with the interviewees.

The participants were assured that the report was not intended to directly, imply or intimate that they endorsed or validated any sponsor products or services. The roles covered in the cohort include CISOs (or equivalent title), Head of Cyber Security, Director of Information Security and Head of Threat Intelligence. Financial services is the most strongly represented cohort.