April 12, 2017 By George Moraetes

The role of the chief information security officer (CISO) must continually evolve just as businesses do. The next-generation security leader has to grasp the various demands of the board, and communicate security risks and strategies in terms directors can understand. To protect the organization’s assets from the ever-changing threat landscape, this leader must possess strong business acumen, a results-oriented mindset and various board-level skills.

Speak the Board’s Language

The security leader needs to be business-facing most of the time, relative to the technical side of the role. This is where productivity gets stymied, since the CISO oversees technical environments in which many tools and technologies are implemented.

In a business environment, it is extremely important to convey technical details appropriately to a nontechnical audience. Next-generation CISOs must be able to communicate clearly to all executives and employees within their organizations. They must be visible, approachable and able to articulate security principles simply and concisely. They should also collaborate with contemporaries outside their organizations to gain a richer understanding of the CISO role.

It Takes All Kinds

The CISO role is all about leadership, like any other C-level position. The next-generation CISO must know how to delegate tasks based on skills that come from a variety of sources. You may have employees who are good at managing and leading a team, for example, and others who might excel at working with peers from various departments. Some employees might build leadership skills through their technical savvy as subject matter experts. A successful leader knows how to identify and harness these traits and these individuals to build a strong security program.

Aligning Security With Business Goals

It’s crucial for the CISO to be relevant to the business. This means taking on a more strategic role to pivot board conversations toward risk management. It also includes going beyond the negative consequences and explaining risk in terms of its positive effects, such as competitive advantage, business growth and revenue expansion.

Relentless passion and a results-oriented drive are essential to deliver on business goals. CISOs must build strong teams of security professionals who buy into these goals. They must also be adept at problem-solving, managing the concerns and expectations of stakeholders, and formulating effective solutions to complex problems.

Empowering the Next-Generation CISO

Finally, security leaders must possess certain board-level skills. Of course, they must master the vital aspects of managing security technologies and protecting both digital and physical assets. CISOs should focus on establishing strong security policies and communicating risks in plain, relevant terms to executives. They need to drive discussions in board meetings to educate, engage and align stakeholders with respect to their security strategies and initiatives.

The key is to understand that business operations and information assets are crown jewels. That principle should influence CISOs to institute strategic governance that prioritizes information security investments and aligns with business goals.
