Business Leader, CISO Skills, & Building Your Cybersecurity A-Team – BSW #211
In the Leadership and Communications section, Being a CISO in 2021: How to Be a Business Leader in the Boardroom, Skills CISOs Need to Have in 2021, Build your cybersecurity A-team: 7 recruiting tips, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. How to Create a Winning Post-Pandemic Business Model
  Markets change, and business models have to change in parallel. Success depends on constant business model innovation. In order to succeed, you need to get two things right: 1. You have to target a defensible market segment, and 2. you have to create a business model that enables you to win against competitors who are going after your target segment. In developing a high-profit business model to engage your target customers, you have three choices: 1. increase your customer value, or 2. lower your cost to serve, or 3. do both.
- 2. Boards still aren’t taking cybersecurity seriously, warns new NCSC boss. That means everyone is at risk
  Organisations aren't in a position to be complacent about cybersecurity, says NCSC CEO Lindy Cameron, who warns of threats from ransomware to attacks against critical infrastructure.
- 3. Being a CISO in 2021: How to Be a Business Leader in the Boardroom – Security Boulevard
  In 2021, CISOs need to be at the top of their game. Here are three tips for managing expectations with the C-Suite and the Board: 1. Open Discourse and Be Transparent 2. Establish a Narrative 3. Focus on the Future
- 4. Why the modern CISO should plan for greater Cybersecurity Regulations in the Biden Era
  Just a few months past the initial SolarWinds discovery, it is clear that standardized cybersecurity regulation is needed to outline best practices for companies to follow. A coordinated approach at the federal and even global level would strengthen companies’ security posture internally and externally, including customers and third-party vendors.
- 5. Skills CISOs Need to Have in 2021
  Having good technical skills is not enough to be an effective security leader today. Here are the essential skills to be an effective business leader: 1. Companies today are increasingly looking for their next generation of information security managers to be certified CISO. 2. Need to develop soft critical skills such as communication, reporting, and cost-benefit analysis. 3. Being able to communicate with the Board in clear, concise, relatable terms will be a differentiator for CISOs. 4. Security for the sake of security is a failure on the part of a CISO — collaborative security and functional operability are where everyone is successful. 5. Soft skills such as understanding of privacy, security awareness, and training, knowledge of governance, security communications, or cyber law and ethics. 6. Cloud security skills and understanding the roles of the service vendor, the cloud provider, and the end customer will be a critical need for many companies this year. 7. Companies need to implement formal training programs to continue to educate and train their talented employees as the sector continues to evolve daily.
- 6. 5 Important Insights for CIOs & CISOs in 2021 – Security Boulevard
  It is important for information security officers to figure out what needs to be done and how to prioritize each task in order to protect their organization against cyber threats. Some of the insights mentioned below would interest information security officers: 1. Information Security has Taken the Front Seat 2. Information Security Officers are Closer to Business than Ever 3. Nothing Can Replace Human Awareness 4. Insider Threat is a Reality 5. Remote Work Culture is Here to Stay
- 7. Build your cybersecurity A-team: 7 recruiting tips
  Best practices for building your cybersecurity team: 1. Look beyond the usual places to find talent 2. Don't require candidates to have niche skills 3. Look for relevant skills beyond formal education 4. Be willing to train candidates after they're hired 5. Use certifications to give a candidate context 6. Carefully craft your job descriptions 7. Sell your job