CISO Skills in a Changing Security Market: Are You Prepared?
The CISO role has evolved from a strictly technical position to one that increasingly requires business acumen. Here are some things you need to know.
October 30, 2023
By Arvind Raman, Senior Vice President and Chief Information Security Officer, BlackBerry
What types of skills do CISOs need now? As senior vice president and chief information security officer (CISO) of one of the world's most trusted cybersecurity software and services companies, it's literally my job to know.
My responsibilities include protecting and enabling business development at a global organization that wears a big target on its back. We are also "customer zero" at a company that believes deeply in the need to "drink its own champagne." That means we base our cyber defenses on our own internally developed products to the greatest extent possible.
In addition, we're a managed security service provider (MSSP) through our CylanceGUARD managed detection and response (MDR) subscription service, and many of our channel partners are also MSSPs, all using BlackBerry Cylance artificial intelligence (AI)-based products to protect external organizations.
The ultimate decision-maker for purchasing and deploying our portfolio of cyber products is often the CISO of an organization. For all these reasons and more, I spend a fair amount of time talking to fellow CISOs and comparing notes on what keeps us up at night and what success looks like for a modern CISO.
Over two decades of cybersecurity and technology experience across a wide range of industries and organizations have helped me grow as a leader and afforded me many opportunities to "give back" by sharing hard-won knowledge with other cybersecurity professionals. I have watched the CISO role evolve from a strictly technical position to one that increasingly requires business ability and acumen.
Today's CISOs must be able to effectively evaluate both risk and opportunity. They must be able to formulate and execute strategies to strike a healthy balance between these two competing factors and communicate those solutions to senior leadership.
What Future CISOs Need to Know
If you are already a CISO, you are well aware of the way this role has pivoted. But what if you are a cybersecurity professional aspiring to reach a CISO role? What kind of mindset and skills should you cultivate? Here are a few to consider.
CISOs must be critical thinkers: In our digitized world, CISOs play a pivotal role beyond the technical aspects by engaging in strategic business discussions. Their input should be integral to organizational decision-making, requiring a balance of technical and business acumen.
CISOs must be educators: With increasing reliance on CISO insights for business decisions, they must educate boards and decision-makers and often report directly to CEOs. Staying updated on industry trends and aligning decisions with current risks is essential.
CISOs must value different perspectives: Effective CISOs benefit from diverse security perspectives gained through experiences in various industries and roles. A broad background spanning different functions equips them to excel in their roles.
CISOs are cybersecurity evangelists: As cybersecurity leaders, CISOs promote a multi-layered defense strategy, encompassing both technological advancements and workforce awareness. They ensure that end users are informed about risks and contribute as an additional layer of defense.
Final Advice for All Information Security Professionals
As you build and mature your program using multi-layered defenses, always bear in mind that cyber risk can only be managed, never eliminated. For today's CISOs and those of the future, cyber-risk is another type of business risk every organization will continually face.
In an interview earlier this year, I shared what I think are the top cyber-risk challenges facing CISOs.
I hope these perspectives will help you on your CISO journey, no matter which stage of your career you are in.
About the Author
Arvind Raman is a Senior Vice President and BlackBerry's Chief Information Security Officer. In this role, he leads all aspects of the company's information security, product security, and GRC program globally, focusing on effective management of cybersecurity risks, policies, and procedures.
Arvind brings over 20 years of information security, technology, R&D experience, and leadership to BlackBerry. Arvind's previous experience includes serving as the Global CISO at Mitel, Global Head Information Security for Scotia Bank, and Director of Cyber & Data Security for CIBC.