January 26, 2018 By Christophe Veltsos 4 min read


As fans of “Star Wars,” we’ve watched a multitude of characters evolve on the screen and rise to the challenge posed by dark and powerful enemy forces. Jedi warriors, Wookiee warriors, fighter pilots, and an array of diplomats and military commanders have fascinated us for four decades.

Meanwhile, back on planet Earth, in this decade, we too are left fighting dark and powerful enemy forces. It’s only natural to wonder which of these types of characters would best serve as chief information security officers (CISOs) for our organizations to defend us from the threats of a digital empire that continues its relentless expansion and threatens our organization’s very survival.

Let’s take a look at some traits from the “Star Wars” characters we’ve grown to love and explore how those might be applicable to CISOs today.

The Jedi Warrior

The simple utterance of the word brings about visions of strength and courage, even in the face of certain doom, but also of an innate ability to sense when the world is in balance or when there is “a disturbance in the Force.” Much as CISOs can come from varied occupations, Jedi come from various planets and backgrounds. While many sport a lightsaber of an appropriate color, it is truly what’s inside them that brings comfort and strength in the heat of battle: their ability to connect with the Force and to direct it to their advantage.

The way of the Jedi warrior is that of mind over matter, yet they are not afraid to get into a close combat situation if need be, and they are definitely adept at handling a multitude of weapons. For CISOs, these traits — calmness, control, agility and speed — and a mastery of many (usually defensive) weapons would serve them well.

However, CISOs, like the Jedis Luke and Rey, aren’t invincible. They’re still human, after all. They have to be careful that when engaged in combat — or incident response — they make moves the enemy won’t predict. And assuming they live to fight another day, CISOs also have to ensure that any sacrifice is part of a greater strategy for organizational survival, or better yet, toward ensuring a more prosperous and just future.

The Admiral

Over the course of the “Star Wars” saga, we also met many military leaders, perhaps none as memorable as Admiral Ackbar — famous for the one line that could be quite useful in your next security budget meeting: “It’s a trap!”

Unlike the warrior CISO working on mastering the Force and understanding the universe, the Admiral CISO is a military leader facing the enemy straight on, ready to deploy the full complement of his or her well-trained force and to overwhelm the enemy with the speed and precision of the response. The Admiral CISO is a strong leader, ready to defend the organization and serve its leaders to the best of his or her ability.

However, as the last decade of cyber incidents and data breaches has proven, in cyberspace, the enemy can take on many forms — much like a shapeshifter. Instead of a clearly delineated battlefront, the Admiral CISO is left wondering whether the threat will come from within or from halfway across the galaxy.

The Diplomat/Ambassador

In between the battle scenes, we often found ourselves drawn to the intriguing world of diplomacy, with Jedi Ambassadors and Diplomats. Often operating as the public face of the government or organization they were representing, ambassadors served in advisory roles to other government leaders, but also used their talents to develop stronger ties with allies. Diplomats in the “Star Wars” universe were obviously skilled negotiators, but many were also skilled combatants, ready to spring into action to save their own lives and those of their allies.

The Diplomat CISO is one that also demonstrates a keen ability to negotiate — a skill that also implies an ability to listen attentively and take the time to understand the other side’s needs and concerns. The Diplomat CISO is at home on whatever planet they happen to be on today; they blend with the local crowds, can speak the language, can laugh at their jokes and are able to align their own goals with those of the people around them.

The Fighter Pilot

Who can forget the first time they heard one of the X-Wing leaders exclaim “stay on target”? Immortalized by Han Solo’s performance, and more recently by Poe, the fighter pilots are brave, work fairly well as a team and often go well beyond the call of duty to perform surgical strikes and defend the fleet.

However, fighter pilots — at least those portrayed in “Star Wars” episodes — have also shown themselves to be ready and willing to go it alone, as well as to disobey orders from above. This cowboy-like behavior, while potentially appealing to some CISOs, is unlikely to serve the organization well, considering trust is a two-way street (space corridor) built on stable behaviors as opposed to heroic antics.

The Chewbacca

Of the many alien species that fans of “Star Wars” have been exposed to, none stands out as clearly as the Wookiee warrior named Chewbacca. Chewie, as he is affectionately known, turned out to be a fantastic partner to one of the best fighter pilots in the galaxy, and thus deserves a special mention. Chewie saved Han Solo’s life on multiple occasions and proved himself time and again as pilot of the Millennium Falcon.

But beyond the heroics, Chewie also left us wondering what exactly he meant by “RAWRGWAWGGR” (yes, that’s an actual quote). While Chewie the CISO would prove to be a good “wingman” to the leadership of the organization, he would likely leave everyone quite confused as to the exact meaning of the buzzwords uttered.

The CISO as the Ultimate Defender of the Galaxy

As the role of the CISO evolves and adapts to growing demands and cyber risks, business leaders are often wondering if the person in charge of the organization’s incident response strategy has what it takes to defend against the Empire and the constant stream of threats stemming from it.

The CISO as a security leader must be multitalented, one minute conversing with the top leadership about strategies and alliances — much like the Admiral and the Ambassador would do — and the next minute directing the alliance’s response to new threats with the precision of a Pilot. And all the while, they must be using their knowledge of the organization’s defenses and that of enemy weapons, the threats and tools at the disposal of attackers today, to ensure a healthy balance.

When it comes to the Force, the Jedi CISO will have realized that intuition alone isn’t enough to fight today’s battles. Instead, intuition must be supplemented with a dashboard that confirms what the CISO sensed, that uneasy feeling, the disturbance in the Force.
