As the new year approaches, one might wonder how to best prepare for what 2016 will bring. If 2015 is any indication, the role of the CISO will continue to mature and evolve well beyond the confines of IT. CISOs and aspiring CISOs have basically chosen a role that is continuously evolving — imagine jumping on a moving train. Thus, the moment for New Year’s resolutions seems like a good time to propose looking 10 (or 50) steps ahead and trying to catch the train there.

In 2015, readers hopefully enjoyed my articles on the nature of the conversations that CISOs are having with business leaders, why boards of directors are finally asking about cyber risks, the questions that boards are asking CISOs and comments on how CISOs should report risks to boards. The information on executive communication and the evolving role of the CISO is key for security leaders.

So are you a security leader? Are you moving in that direction? Are you moving to where the train is headed?

Choosing the Time

The first question would be to ask yourself: Are you ready to go now? Not everyone is ready to jump on the train; some may prefer to delay another year, either for professional or for personal reasons. Others may choose to see what their peers are doing, but this approach could result in a professional being left behind.

Choosing a Path

If you have decided to make 2016 a special year of growth and opportunities, the next step is to look around and choose a general direction. The exact path may not be obvious quite yet, but as the CISO’s role matures, it will bring with it new opportunities — and, of course, challenges. So in which general direction do you want to go?

Which Train?

All roads may lead to Rome, but not all trains will transport you toward becoming a more effective CISO. I submit that the effective CISO in 2016 needs to be one who is in tune with the business, whose actions are aligned with the business and whose counsel is repeatedly sought after to assist top management and the board.

This will include tasks such as monitoring, evaluating and directing all activities related to the management and oversight of cyber risk. One of the many ways in which the CISO role is evolving is that of becoming a digital trust officer for the organization.

What’s on Your Reading List?

The most effective CISOs that I know have two major traits. First, they are business-focused in nearly everything that they do. This in no way prevents them from also being skilled at understanding — and in some cases still doing — complex technical security concepts and actions.

Second, effective CISOs continually seek to grow their perspective beyond the confines of IT. As one of my CISO friends, Bruno Kerouanton, wrote, “IT is a discipline that can only be complete if we increase the spectrum of knowledge through various channels. History and philosophy are now integral to my vision whenever I think of the future of our technology.” (Translated from the original French by the author.)

So for 2016, reboot your reading list. Are you really investing in yourself and your future if you have fewer than 10 titles in waiting? Browse books on topics such as business, communications (of the human sort), risk management (e.g., enterprise risk management, or ERM) and even top management and board governance.

Broaden Your Horizons

For those times when you’d rather bits of wisdom come your way without much effort on your part, broaden your horizons by trying out some business- or leadership-focused newsletters.

For example, Leadership Vision Consulting is a company whose objective is to “provide a behavior-based understanding of individuals, a clarity to team dynamics and the necessary resources to sustain a strengths-based organizational culture.” You can subscribe to its free newsletter for more information.

Harvard Business Review provides a wealth of articles (and books) on many subjects that CISOs should find relevant. You can subscribe to several newsletters on various topics, including: Management Tip of the Day; Daily Alert; Technology and Innovation; and Strategy and Execution.

Back on a more technology-related focus, Michael Rasmussen’s blog is a top resource on all things GRC-related. Another top blog, from Norman Marks, takes an even broader view, looking at enterprise risk management as a whole.

What Company Do You Keep?

So now that you’ve rebooted your reading list, what’s next? How about making new connections with folks who might have a different focus — perhaps not CISOs — or a different approach or background (e.g., a CISO who came from a legal background). You can even connect with a CISO who has been highlighted as a thought leader.

A good way to meet some of these new faces and fresh perspectives is to refresh your involvement on advisory boards, conference planning committees and the like. If you feel like you’re at the top of your game, what new connections can you make to open your eyes to even higher levels?

Moving Up or Moving On?

Sometimes, there comes a point when we realize we are no longer a good fit for the organization where we’ve spent many years. If you reach that point, read “Evaluating and Attracting Your Next CISO: More Sophisticated Approaches for a More Sophisticated Role” to find out about how your own experience and actions match what companies are being advised to look for in a CISO.

Even if you’re not getting ready to leave, the article can help you assess where you’ve been as a CISO and where you might have to go to catch the train.
