The Secret Trait of Fortune 500 CISOs

August 22, 2018 | By Phil Gardner, IANS Founder & CEO


What’s the single biggest factor in a CISO candidate getting hired for a coveted Fortune 500 or government position? I recently posed this question to five of InfoSec’s top executive recruiters* and they all came back with the same answer. Killer technical chops, a cutting-edge SOC team, an MBA – these are all now table stakes. The real secret? 

Executive presence. 

The simplest definition of executive presence is the ability to push your agenda at the highest levels of the organization. CISOs with executive presence: 

  • Convey confidence and command the room’s attention when they speak
  • Lead large, complex initiatives
  • Transition seamlessly between business and technology
  • Inspire their team members
  • Understand context and adjust their approach based on their audience

You know a CISO with executive presence when you spend time with one. Roland Cloutier of ADP has it. So does Shamla Naidoo of IBM, Adam Fletcher of Blackstone, and Mark Clancy of Sprint – to name a few. Interestingly, each of these individuals is effective in his or her own unique way.

“It comes back to the way they think through problems, the way they frame them up, and the way they communicate to multiple audiences,” noted Aileen Alexander of Korn Ferry.

Executive presence shines through in the interview process, offered up Matt Comyns of Caldwell Partners. “One candidate was the underdog in the slate of candidates that I presented,” Comyns said, “but she held up under fire, and proved that she had the executive competencies that allowed them to take that leap of faith with her.”

Executive presence is really the by-product of doing a lot of important, hard things over time. It’s gained by being in the fray with the right people at the right level. You gain it by winning and sometimes stumbling at a variety of corporate challenges. Here are three places to start.

1. Acquire Deep Knowledge of Your Business 

“The highest performing CISOs that I know have a deep knowledge of how their businesses work and how they make money,” explained Jamey Cummings of Korn Ferry. “They also have a sense of where the market is going and how their businesses need to adapt over the coming 24 months. This is someone who can have that conversation, understand what the drivers and motivations of the business are, and drive sales and profitability by communicating how the security function can enhance that and/or inhibit it.” 

Deep knowledge and strategic context allow CISOs to guide their InfoSec teams to deliver on what the business needs to grow and win in the marketplace. Acquiring this context depends in part on having the necessary business skills. An understanding of product development, operations, marketing, sales, accounting and finance is critical. Business classes or an MBA helps, too.

Mentorship can also be a powerful tool. Good mentors help you contextualize a business problem and teach you how to solve it. Your boss should be a natural mentor, but not your only one. Go find 1-2 mentors – preferably outside of InfoSec and IT – who can help you gain that business context and understanding. 

2. Earn Your Seat at the Table 

“Business leaders make big decisions all the time,” noted Renee Arrington of Pearson Partners. “High performing CISOs get invited to these meetings because they’ve made themselves indispensable in providing input and contributing.”

To gain an executive presence, you need to study how your business leaders interact and make decisions. And to do this, you need to be in the room when senior executives meet. So how do you get there? Develop a deep expertise on an emerging topic that you know your executives will care about. Blockchain is a great example. Build your knowledge of the topic. Then articulate in clear, non-technical terms what it is and why it is important to the business. Detail in non-geeky language the security implications of any deployment.

And please, keep it short. Executives will not be shy about asking follow-up questions, if they have any.

3. Have the Courage to Stumble 

“I like seeing a CISO who stepped up and led a big, complex corporate initiative,” noted Kal Bittianda of Egon Zehnder. “It shows courage. Whether the initiative was a success or a stumble, the CISO emerged a better executive for it.” 

CISOs are a conservative, risk-averse group. However, growing as an executive will require risk taking. The next time that you have the opportunity to participate in (or better yet, lead!) a pressing, strategic initiative, don’t immediately say “I’m too busy” or “no”. Get out of your corporate comfort zone. That’s when real business learning and personal development take place.

*  *  *

Gaining executive presence is a by-product of gaining business context, of seeing how executives make decisions and of showing some courage. It’s a contact sport. CISOs, let’s get started! 

At our upcoming Fall CISO Roundtables, these executive recruiters and others will participate in panel discussions with the assembled CISOs. I’ll be moderating the session and I promise you that it won’t be boring! Take a look at the calendar. If your schedule allows, please come join us.

*The conclusions are solely mine, but thanks to the following InfoSec executive recruiters for their valuable input: Aileen Alexander of Korn Ferry; Renee Arrington of Pearson Partners; Kal Bittianda of Egon Zehnder; Matt Comyns of Caldwell Partners and Jamey Cummings of Korn Ferry.
