The role of the CISO
Let's start at the beginning.
If you're going to have an effective conversation with a CISO, it first helps to actually understand what that person does. What are they responsible for? Who do they report to? What do they do all day? Why should they care about what I have to say? What problems might they have?
These questions and so many more are relevant. And we'll get to all of that.
So what is the role of the CISO?
When I asked a group in the live cohort version of this course this question, these were the results.
As you can see, the answers covered a pretty broad cross-section of areas.
- Compliance
- Policy
- Leadership
- An advocate to other executives
- A protector
- A risk manager
- Someone who listens and learns
This is a good start. But it only scratches the surface.
The CISO walks the line between two main roles
At their core, the CISO is both an enabler of the organization's mission and a protector of the organization's assets.
So what does that really mean?
Every organization is on some kind of mission. Take LinkedIn's mission statement:
Connect the world’s professionals to make them more productive and successful.
On the enabling side, the cybersecurity team's job is to help the product, data, sales, and growth teams do what they need to do, securely, in support of that mission.
On the other side of the coin, cybersecurity teams are protectors. Every organization has assets: things that need protecting. That might be data, key functionality, credentials, content, or something else entirely. Cybersecurity teams help their organizations find and remedy the myriad places where things could go wrong or be exploited. The CISO sets and guides the strategy for how to do that: how to allocate the team's resources, and how to prioritize one thing over another.