The Importance of Communication in the CSO/CISO Role
The Future of the CSO/CISO Role
A job well done, in many cases, is a job no one notices. Excellent security often goes unnoticed…security professionals can make even difficult tasks look easy. That’s true for everyone we rely on each day to keep the world running smoothly, including men and women in charge of keeping people, assets and data secure in the workplace. Unfortunately, when no one notices the job being done, let alone the job being done well, people tend to forget the importance of it. That’s why it’s becoming more and more vital that Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) learn to blend the work they’ve been trained to do with some simple marketing.
Appreciate your own work and that of your team
If something was a challenge to accomplish, don’t downplay your efforts. For example, if you’re working on patching what could be a major security weakness within the organization with an understaffed or underfunded team (and who isn’t these days) and you complete that project ahead of schedule or without incident, you might mention at the next corporate meeting that you would like to take a moment to recognize the excellent work your team did surpassing expectations. It’s not bragging or arrogance. It’s just telling things like they are. Security professionals aren’t accustomed to doing (or saying) things that draw attention to themselves or their work. However, it is important to keep security in the spotlight to stay ahead of threats.
Make your value known
This is a similar point to showing appreciation for your own work. It’s important that other corporate officials realize the value of the work you and your team are doing. Showing appreciation for a job well done is approaching this valuation from a hindsight perspective, but what about a future perspective? At corporate meetings it’s often a disadvantage that people don’t like to bring bad news. Sometimes that translates into avoiding talking about problems. It’s important to talk about problems, though, even before they’re solved. Let others know what you’re working on. Discuss current problems in the physical security or cybersecurity world. Talk about how your company is protected from some security issues or needs to perform some updates to prevent security breaches. Even if you don’t yet have a success to share, let others know what you plan to work on as something a little more than an itinerary. Let them know the importance of what you’ll be doing.
To some people, computers are like little magic boxes that perform functions we give them commands for. When this simple function breaks down, people will get irate. They don’t want to know how it works. They just want it to work. Sometimes, however, it’s in your best interest to share information about why certain regulations exist or why a person shouldn’t do certain things or why redundant data storage is, in fact, necessary. Why can’t you forward confidential work emails to a third party account to make it easier to check work email on the weekends? Why can’t you open files downloaded from less-than-reputable websites? Why do you need a RAID array instead of a single hard drive? Why spend the extra money? Why go the extra mile? There are many, many good answers to questions like these and more. Chances are you already know the answers to them and often, it’s going to be in everyone’s best interest to share that information with as many people as possible.
If everything regarding security is running smoothly at your workplace and has been for quite some time, such that your department meetings are a little monotonous, consider holding a seminar on something everyone on your team might benefit from. You might find some good ideas on our site about things like necessary skills to be a good leader or the importance of professional development at work.
Sometimes a good CSO or CISO will make a job look so easy it’s effortless. The future of the CSO/CISO role is going to start incorporating social skills that remind people just because it looks effortless that doesn’t mean it is.