What’s the single biggest factor in a CISO candidate getting hired for a coveted Fortune 500 or government position? I recently posed this question to five of InfoSec’s top executive recruiters* and they all came back with the same answer. Killer technical chops, a cutting-edge SOC team, an MBA – these are all now table stakes. The real secret?
Executive presence.
The simplest definition of executive presence is the ability to push your agenda at the highest levels of the organization. CISOs with executive presence:
- Convey confidence and command the room’s attention when they speak
- Lead large, complex initiatives
- Transition seamlessly between business and technology
- Inspire their team members
- Understand context and adjust their approach based on their audience
You know a CISO with executive presence when you spend time with one. Roland Cloutier of ADP has it. So does Shamla Naidoo of IBM, Adam Fletcher of Blackstone, and Mark Clancy of Sprint – to name a few. Interestingly, each of these individuals is effective in his or her own unique way.
“It comes back to the way they think through problems, the way they frame them up, and the way they communicate to multiple audiences,” noted Aileen Alexander of Korn Ferry.
Executive presence shines through in the interview process, offered up Matt Comyns of Caldwell Partners. “One candidate was the underdog in the slate of candidates that I presented,” Comyns said, “but she held up under fire, and proved that she had the executive competencies that allowed them to take that leap of faith with her.”
Executive presence is really the by-product of doing a lot of important, hard things over time. It’s gained by being in the fray with the right people at the right level. You gain it by winning and sometimes stumbling at a variety of corporate challenges. Here are three places to start.
1. Acquire Deep Knowledge of Your Business
“The highest performing CISOs that I know have a deep knowledge of how their businesses work and how they make money,” explained Jamey Cummings of Korn Ferry. “They also have a sense of where the market is going and how their businesses need to adapt over the coming 24 months. This is someone who can have that conversation, understand what the drivers and motivations of the business are, and drive sales and profitability by communicating how the security function can enhance that and/or inhibit it.”
Deep knowledge and strategic context allows CISOs to guide their InfoSec teams to deliver on what the business needs to grow and win in the marketplace. Acquiring this context depends in part on having the necessary business skills. An understanding of product development, operations, marketing, sales, accounting and finance is critical. Business classes or an MBA helps, too.
Mentorship can also be a powerful tool. Good mentors help you contextualize a business problem and teach you how to solve it. Your boss should be a natural mentor, but not your only one. Go find 1-2 mentors – preferably outside of InfoSec and IT – who can help you gain that business context and understanding.
2. Earn Your Seat at the Table
“Business leaders make big decisions all the time,” noted Renee Arrington of Pearson Partners. “High performing CISOs get invited to these meetings because they’ve made themselves indispensable in providing input and contributing.”
To gain an executive presence, you need to study how your business leaders interact and make decisions. And to do this, you need to be in the room when senior executives meet. So how do you get there? Develop a deep expertise on an emerging topic that you know your executives will care about. Blockchain is a great example. Build your knowledge of the topic. Then articulate in clear, non-technical terms what it is and why it is important to the business. Detail in non-geeky language the security implications of any deployment.
And please, keep it short. Executives will not be shy about asking follow-up questions, if they have any.
3. Have the Courage to Stumble
“I like seeing a CISO who stepped up and led a big, complex corporate initiative,” noted Kal Bittianda of Egon Zehnder. “It shows courage. Whether the initiative was a success or a stumble, the CISO emerged a better executive for it.”
CISOs are a conservative, risk-averse group. However, growing as an executive will require risk taking. The next time that you have the opportunity to participate (or better yet lead!) a pressing, strategic initiative, don’t immediately say “I’m too busy” or “no”. Get out of your corporate comfort zone. That’s when real business learning and personal development takes place.
* * *
Gaining executive presence is a by-product of gaining business context, of seeing how executives make decisions and of showing some courage. It’s a contact sport. CISOs, let’s get started! Attend one of our CISO Roundtables and participate in discussions among your peers.
*The conclusions are solely mine, but thanks to the following InfoSec executive recruiters for their valuable input: Aileen Alexander of Korn Ferry; Renee Arringtonof Pearson Partners; Kal Bittianda of Egon Zehnder; Matt Comyns of Caldwell Partners and Jamey Cummings of Korn Ferry.