Cybersecurity Leadership: Stepping Back So Others Can Step Up
Knowing Where To Draw The Line
For as long as I have been in the cybersecurity industry (too long, too long) there has been discussion about the role of the cybersecurity leader. What functions should be in security? Who should a Chief Information Security Officer (CISO) report to? Is a good CISO technically- or business-focused? What makes a security leader? How can a CISO get into the C-Suite? How can they stay there? What does cybersecurity leadership even look like?
There are certainly high-profile CISOs… they typically operate in a large publicly-traded company, and oversee millions of dollars of security budget, and get paid millions of dollars to do so. Some CISO-stars have a reputation for coming into a company after a big breach, and turning around the security profile of an organization. They are adored by other security professionals, are applauded on the security speaking circuit, and are invited to speak to governments and thinktanks. The industry needs people like this.
But for most security leaders, the reality of their day job is far from this public image of security leadership. Instead, they work day in and day out in their organizations, fighting budget battles, coaching their teams, nudging their stakeholders to think just a bit more about security…