Is Your CISO a Jedi Warrior, an Admiral or a Diplomat?

As fans of “Star Wars,” we’ve watched a multitude of characters evolve on the screen and rise to the challenge posed by dark and powerful enemy forces. Jedi warriors, Wookiee warriors, fighter pilots, and an array of diplomats and military commanders have fascinated us for four decades.

Meanwhile, back on planet Earth, in this decade, we too are left fighting dark and powerful enemy forces. It’s only natural to wonder which of these types of characters would best serve as chief information security officers (CISOs) for our organizations to defend us from the threats of a digital empire that continues its relentless expansion and threatens our organization’s very survival.

Let’s take a look at some traits from the “Star Wars” characters we’ve grown to love and explore how those might be applicable to CISOs today.

The Jedi Warrior

The simple utterance of the word brings about visions of strength and courage, even in the face of certain doom, but also that of an innate ability to sense when the world is in balance or when there is “a disturbance in the Force.” Much as CISOs can come from varied occupations, Jedi come from various planets and backgrounds. While many sport a lightsaber of an appropriate color, it is truly what’s inside them that brings comfort and strength in the heat of battle: their ability to connect with the Force and to direct it to their advantage.

The way of the Jedi warrior is that of mind over matter, yet they are not afraid to get into a close combat situation if need be, and they are definitely adept at handling a multitude of weapons. For CISOs, these traits — calmness, control, agility and speed — and a mastery of many (usually defensive) weapons would serve them well.

However, CISOs, like the Jedi Luke and Rey, aren’t invincible. They’re still human, after all. They have to be careful that when engaged in combat — or incident response — they make moves the enemy won’t predict. And assuming they live to fight another day, CISOs also have to ensure that any sacrifice is part of a greater strategy for organizational survival, or better yet, toward ensuring a more prosperous and just future.

The Admiral

Over the course of the “Star Wars” saga, we also met many military leaders, perhaps none as memorable as Admiral Ackbar — famous for the one line that could be quite useful in your next security budget meeting: “It’s a trap!”

Unlike the warrior CISO working on mastering the Force and understanding the universe, the admiral CISO character is that of a military leader facing the enemy straight on, ready to deploy the full complement of his or her well-trained force, ready to overwhelm the enemy with the speed and precision of the response. The Admiral CISO is a strong leader, ready to defend the organization and serve its leaders to the best of his or her ability.

However, as the last decade of cyber incidents and data breaches has proven, in cyberspace, the enemy can take on many forms — much like a shapeshifter. Instead of a clearly delineated battlefront, the Admiral CISO is left wondering whether the threat will come from within or from halfway across the galaxy.

The Diplomat/Ambassador

In between the battle scenes, we often found ourselves drawn to the intriguing world of diplomacy, with Jedi Ambassadors and Diplomats. Often operating as the public face of the government or organization they were representing, ambassadors served in advisory roles to other government leaders, but also used their talents to develop stronger ties with allies. Diplomats in the “Star Wars” universe were obviously skilled negotiators, but many were also skilled combatants, ready to spring into action to save their own lives and those of their allies.

The Diplomat CISO is one that also demonstrates a keen ability to negotiate — a skill that also implies an ability to listen attentively and take the time to understand the other side’s needs and concerns. The Diplomat CISO is at home on whatever planet they happen to be on today; they blend with the local crowds, can speak the language, can laugh at their jokes and are able to align their own goals with those of the people around them.

The Fighter Pilot

Who can forget the first time they heard one of the X-Wing leaders exclaim “stay on target”? Immortalized by Han Solo’s performance, and more recently by Poe, the fighter pilots are brave, work fairly well as a team and often go well beyond the call of duty to perform surgical strikes and defend the fleet.

However, fighter pilots — at least those portrayed in “Star Wars” episodes — have also shown themselves to be ready and willing to go it alone, as well as to disobey orders from above. This cowboy-like behavior, while potentially appealing to some CISOs, is unlikely to serve the organization well, considering trust is a two-way street (space corridor) built on stable behaviors as opposed to heroic antics.

The Chewbacca

Of the many alien species that fans of “Star Wars” have been exposed to, none stands out as clearly as the Wookiee warrior named Chewbacca. Chewie, as he is affectionately known, turned out to be a fantastic partner to one of the best fighter pilots in the galaxy, and thus deserves a special mention. Chewie saved Han Solo’s life on multiple occasions and proved himself time and again as pilot of the Millennium Falcon.

But beyond the heroics, Chewie also left us wondering what exactly he meant by “RAWRGWAWGGR” (yes, that’s an actual quote). While Chewie the CISO would prove to be a good “wingman” to the leadership of the organization, he would likely leave everyone quite confused as to the exact meaning of the buzzwords uttered.

The CISO as the Ultimate Defender of the Galaxy

As the role of the CISO evolves and adapts to growing demands and cyber risks, business leaders are often wondering if the person in charge of the organization’s incident response strategy has what it takes to defend against the Empire and the constant stream of threats stemming from it.

The CISO as a security leader must be multitalented, one minute conversing with the top leadership about strategies and alliances — much like the Admiral and the Ambassador would do — and the next minute directing the alliance’s response to new threats with the precision of a Pilot. And all the while, they must be using their knowledge of the organization’s defenses and that of enemy weapons, the threats and tools at the disposal of attackers today, to ensure a healthy balance.

When it comes to the Force, the Jedi CISO will have realized that intuition alone isn’t enough to fight today’s battles. Instead, intuition must be supplemented with a dashboard that confirms what the CISO sensed, that uneasy feeling, the disturbance in the Force.

Christophe Veltsos

InfoSec, Risk, and Privacy Strategist - Minnesota State University, Mankato

Chris Veltsos is a professor in the Department of Computer Information Science at Minnesota State University, Mankato...