CISO Voices: The CISO as a Storyteller—Part 5
There’s no doubt that cybersecurity has its moments of high drama. But Bridget Kenyon, chief information security officer (CISO) with Thales Digital Identity and Security, wants businesses to understand that it’s much more than an emergency service.
Bridget made this clear in her recent discussion with the People Hacker, Jenny Radcliffe, for the “Human Factor Security” podcast. The pair also talked about how CISOs can take and keep their seat at the boardroom table, among other topics. Here’s a summary of their conversation.
On the role of the CISO post-pandemic
The pandemic gave many CISOs a foot in the door of the boardroom. Everything had to be done at a fast pace, so cybersecurity professionals were front and center during emergency meetings and business-critical discussions.
This changed the perception of the CISO’s role because board members could clearly see how cybersecurity is an enabler of change. Instead of the CISO turning up after a decision had already been made and saying, “Have you thought of this?” questions were put to them proactively. CISOs were asked, “How do we securely facilitate remote working for our entire workforce? How can you help us?”
Now, as we’re returning to a business-as-usual mindset, it’s important not to go back to thinking cybersecurity is just an emergency service. While it’s gratifying to be called on to solve a problem, we need to show how important it is to the business to prevent these problems from occurring in the first place.
The importance of nurturing talent
Recruitment is incredibly challenging right now. It’s very much a seller’s market in that respect. To overcome this, employers must move away from the idea of hiring the finished article that ticks all the boxes.
Instead, we should look to hire people who are willing to learn and have aptitude and enthusiasm that can be nurtured and developed. Of course, when we do this, there is a high chance that this person will gain skills and then wish to move upward or leave the organization altogether.
Rather than looking at the expense of developing people like this, look at what they offer while they are in the role. No one is hiring for life. We can’t expect people to take junior or midlevel roles and just stay there. People develop, people move. They may want to travel or take a sabbatical. And that’s OK.
The importance of soft skills in cybersecurity
The more senior your role in cybersecurity, the more likely you are to liaise with senior staff from other departments. So, you’re expected to be an everyman rather than a specialist.
To do this successfully, you need to be able to get along with people. This helps you come to conclusions and agreements quickly. Essentially, being good at your job comes down to social skills. But not only that. You also need to understand the business and be able to communicate about the business effectively. Because we are the business, just as much as IT, finance, HR, etc.
While there’s still a mindset that cybersecurity is an additional project or add-on—and we’re still not a business-as-usual experience for everyone—things aren’t going back to how they were before we had a seat at the table.
Want to hear more from CISOs?
Head to “CISO Voices” to hear from Bridget in her own words and access other episodes. And check out more of Jenny’s “Human Factor Security” podcasts, which feature further insights from cybersecurity experts. Also, keep an eye out for the next installment of this podcast series, when Christian Toon of Pinsent Masons joins Jenny to discuss how hackers are attempting to disrupt legal processes with clever spoofing attacks—and how security teams can respond.