How the CISO speaks to co-executives is equally important, Snehal Antani, CEO of Horizon3, tells CSO. His advice: “The CISO needs to shift away from discussions about technologies and focus on outcomes, speak more to business continuity, and risks and risk mitigation,” all topics that are strategic to business success.
Team-building retreats can help raise a CISO’s profile
Retreats can help raise a CISO’s profile — no, not the “retreat from the fray” type of retreat, but the engagement type of retreat. There is an entire industry built around team building and few will argue that a group of individuals who have a shared experience don’t get to know one another better.
This is an opportunity to build trust with one another, according to Simpson, who described his positive experiences in “executive retreats where they give Myers Briggs [tests] and help explain how to communicate with each other. It is a great asset. There is no substitute for face time with your fellow executives. It not only builds familiarity, it also builds trust.” Not only should a CISO push for an invitation to these kinds of events, but they should also encourage any opportunity to extend the scope of their cyber evangelism.
CISOs need to constantly reiterate their value to a company
In a similar vein, Manny Rivelo, CEO of Forcepoint, noted that “CISOs need to bring their value forward as their teams heighten productivity, increase ROI, and ensure a higher level of compliance for the company’s sectors.”
CISOs shoulder tremendous responsibility and, as such, should be held accountable for it. That said, they also must be resourced adequately. Seid observed that the CISO “needs to be held to the same standards as the CFO and should engage the C-Suite in a similar manner.”
And the kicker is, as recent experience has shown, that CISOs who don’t feel recognized or valued or are stressed and headed for burnout won’t stick around. For them, it’s like the line from the Kenny Rogers song: “You gotta know when to hold ’em, know when to fold ’em.” That’s no good for the company and no good for business in general — something boards should consider when they’re reluctant to bring the CISO into the executive fold.