InfoSec-Specific Executive Development for CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive labs to build you and your team's InfoSec skills
What’s the single biggest factor in a CISO candidate getting hired for a coveted Fortune 500 or government position? I recently posed this question to five of InfoSec’s top executive recruiters* and they all came back with the same answer. Killer technical chops, a cutting-edge SOC team, an MBA – these are all now table stakes. The real secret?
The simplest definition of executive presence is the ability to push your agenda at the highest levels of the organization. CISOs with executive presence:
You know a CISO with executive presence when you spend time with one. Roland Cloutier of ADP has it. So does Shamla Naidoo of IBM, Adam Fletcher of Blackstone, and Mark Clancy of Sprint – to name a few. Interestingly, each of these individuals is effective in his or her own unique way.
“It comes back to the way they think through problems, the way they frame them up, and the way they communicate to multiple audiences,” noted Aileen Alexander of Korn Ferry.
Executive presence shines through in the interview process, offered up Matt Comyns of Caldwell Partners. “One candidate was the underdog in the slate of candidates that I presented,” Comyns said, “but she held up under fire, and proved that she had the executive competencies that allowed them to take that leap of faith with her.”
Executive presence is really the by-product of doing a lot of important, hard things over time. It’s gained by being in the fray with the right people at the right level. You gain it by winning and sometimes stumbling at a variety of corporate challenges. Here are three places to start.
1. Acquire Deep Knowledge of Your Business
“The highest performing CISOs that I know have a deep knowledge of how their businesses work and how they make money,” explained Jamey Cummings of Korn Ferry. “They also have a sense of where the market is going and how their businesses need to adapt over the coming 24 months. This is someone who can have that conversation, understand what the drivers and motivations of the business are, and drive sales and profitability by communicating how the security function can enhance that and/or inhibit it.”
Deep knowledge and strategic context allows CISOs to guide their InfoSec teams to deliver on what the business needs to grow and win in the marketplace. Acquiring this context depends in part on having the necessary business skills. An understanding of product development, operations, marketing, sales, accounting and finance is critical. Business classes or an MBA helps, too.
Mentorship can also be a powerful tool. Good mentors help you contextualize a business problem and teach you how to solve it. Your boss should be a natural mentor, but not your only one. Go find 1-2 mentors – preferably outside of InfoSec and IT – who can help you gain that business context and understanding.
2. Earn Your Seat at the Table
“Business leaders make big decisions all the time,” noted Renee Arrington of Pearson Partners. “High performing CISOs get invited to these meetings because they’ve made themselves indispensable in providing input and contributing.”
To gain an executive presence, you need to study how your business leaders interact and make decisions. And to do this, you need to be in the room when senior executives meet. So how do you get there? Develop a deep expertise on an emerging topic that you know your executives will care about. Blockchain is a great example. Build your knowledge of the topic. Then articulate in clear, non-technical terms what it is and why it is important to the business. Detail in non-geeky language the security implications of any deployment.
And please, keep it short. Executives will not be shy about asking follow-up questions, if they have any.
3. Have the Courage to Stumble
“I like seeing a CISO who stepped up and led a big, complex corporate initiative,” noted Kal Bittianda of Egon Zehnder. “It shows courage. Whether the initiative was a success or a stumble, the CISO emerged a better executive for it.”
CISOs are a conservative, risk-averse group. However, growing as an executive will require risk taking. The next time that you have the opportunity to participate (or better yet lead!) a pressing, strategic initiative, don’t immediately say “I’m too busy” or “no”. Get out of your corporate comfort zone. That’s when real business learning and personal development takes place.
* * *
Gaining executive presence is a by-product of gaining business context, of seeing how executives make decisions and of showing some courage. It’s a contact sport. CISOs, let’s get started! Attend one of our CISO Roundtables and participate in discussions among your peers.
*The conclusions are solely mine, but thanks to the following InfoSec executive recruiters for their valuable input: Aileen Alexander of Korn Ferry; Renee Arringtonof Pearson Partners; Kal Bittianda of Egon Zehnder; Matt Comyns of Caldwell Partners and Jamey Cummings of Korn Ferry.
November 13, 2019
By Phil Gardner
CISOs need to observe, understand and act with regard to protecting consumer privacy and regulations associated with the downside of new technologies, including facial recognition, machine learning and AI.
April 4, 2018
Why do some CISOs consistently command the budget and resources they need while others struggle? What can budget-constrained CISOs do to garner the support they need for their programs? Find answers in our 'Battle of the InfoSec Budget' research report.
July 10, 2018
The last day of RSA is usually a ghost town. So I was surprised to find hundreds of folks crowding into seats for a Friday morning session, all to hear Robert Jones and Garin Pace of AIG discuss “Debunking Myths for Cyber Insurance.”