Why CISOs must understand the business –

Posted on By Lennon

Why CISOs must understand the business
Table of Contents

While CISOs require technical skills, they also need business skills to push their agenda and secure the funding and support they need.
By Isabella Harford, TechTarget
When you hear the term CISO, you immediately think of the person responsible for a company’s cyber- and data security strategy. The CISO’s role involves keeping the organization afloat. Without the proper planning, a data breach could lead to financial and reputational damage that could cause an organization’s collapse.
However, many CISOs struggle to get support from their colleagues, board members, and C-level professionals.
Erdal Ozkaya, author Cybersecurity Leadership Demystified, said, “If you are a nerd that can’t talk about business, they won’t take you seriously.”
Ozkaya provides tips for CISOs about how to balance technical and business aspects of their role as CISOs. He also offers advice on how to communicate cybersecurity at both a senior and operational level. Ozkaya also provides guidance on how to build a successful security organization, implement effective security operations practices, work with HR, and create an incident response plan.
Ozkaya, the author of 16 infosec books and cybersecurity books, discusses the importance for CISOs to understand business strategies and explains why CISOs must build relationships with other departments in order to be successful.
Editor’s Note: This text has been edited to be more concise and clear.
Who should read your book
Erdal Ozkaya: This book will be of benefit to both CISOs who are trying to get there and new comers. As a security advisor at Microsoft I met many CISOs that weren’t from the cybersecurity field. They were searching for advice but couldn’t find any book that would cover all their needs. This is what I tried to do with Cybersecurity Leadership Demystified.
Ozkaya: For people who are in the industry and those who aren’t, I will answer both.
People who work in the industry are often nerds, computer geeks, or gurus. They enjoy programming, conducting penetration tests, and minimizing communication. However, in a C-level role, you must be able to talk about security with people who don’t understand technology. CISOs today must be able to understand technology and business. This is also true for those who are not from the industry. You’d be surprised at the number of CISOs who have previously worked in product management or marketing. These individuals may have business experience but they still need to be able to understand technology. CISOs need to understand cybersecurity’s core values so that they can design the best defense mechanisms.
What departments and teams should CISOs prioritise partnering with?
Ozkaya: CISOs need to work with all departments. However, not all departments are equal in cybersecurity. For example, the cleaning department cannot help with computer viruses. This requires the assistance of the incident response team.
It doesn’t matter if you get hacked, it’s about when. Get ready to get your business back online as soon and as quickly as possible.
Begin by working with the incident response team.
A second option is to have a security operations team who can monitor the network.
Third, you should have a red-and-blue team. These internal ethical hackers are able to spot vulnerabilities.
The only difference between hackers and the red team is that the hackers will metaphorically break into your home, open your safe, and leave a Postit note.

Uncategorized

More Related Articles

Risk Management for Small Projects. I know that I have neglected to manage small/simple projects in the past. However, the need for risk management becomes evident when managing large/complex projects. This topic was the subject of a recent discussion in pmStudent.e-Learning. I’ll share some of my thoughts and welcome your comments. Scaling it down photo by Soggydan Dan Bennett via flickr. My basic principle when managing small projects is to scale back the critical project management processes to fit the environment, not eliminate the need. Although I didn’t feel this way in the beginning, my perspective changed after managing larger projects. I see the value of thinking about even the smallest projects in an organized way. Sometimes, distinct activities can be combined on smaller projects. However, I’ve come to the conclusion that this is not optimal. Respecting the boundaries between discrete projects management processes is key to clarity and thought. This helps you get better results and preserves the integrity of your process. Intuition: The simpler a project is, the easier it will be to intuitively grasp the risks involved. If your project is two weeks long, you will need to think about the risks when planning the project. Because it is a short time frame, you will probably be quite proficient at it if your team has done similar projects before. How valid is our “gut feeling” in identifying and assessing risk? The longer a project takes, the more involved it becomes. Continuous risk management is essential for a long-term project. This will ensure that you identify and assess all risks throughout the project’s life cycle. Even if a project is only for a month, it is possible to only do this activity once or twice. It’s not going be a 2-hour discussion. It should be a 5-minute conversation. Steps to manage risk in small projects Uncategorized
New Horizons of Southern California invites you to Anaheim! Uncategorized
Quick Guide to Processing GPS Data with Azure stream Analytics: Geo-spatial Functions Uncategorized
New Horizons Learning Group Teams with Burstorm to Tackle Cloud Skills Gap with First-Ever Hands-On Infrastructure Design Training Uncategorized
Is the CCNP Collaboration worth it? Uncategorized
7 Signs You Are a Good Project Manager Uncategorized