March 23, 2017 By Christophe Veltsos 3 min read

“Each person’s behavior toward the other determines whether the relational dimension leads to a conversation that is rich or poor. In other words, what you do will influence what they do: if you confront them, they may confront you; if you try to appease them, they may take advantage of you and then feel aggrieved if you then change tack and become more assertive.” — “Talking the Walk,” a publication of The Partnering Initiative.

Why should chief information security officers (CISOs) consider themselves as digital trust diplomats? It is undeniable that today’s CISOs have to play multiple roles. They must be able to converse about deeply technical and complex issues one minute and translate how all these issues can impact the company’s bottom line the next.

One of the skills that is becoming more necessary for CISOs is diplomacy. However, diplomacy isn’t confined to the simplistic idea of endless meetings, tit-for-tat swaps and complex, multiparty negotiations. CISOs are at the center of a conflict of unprecedented scale and significance. And yet, as digital trust diplomats, CISOs have a lot to offer, and many professionals have a lot to learn.

The CISO as a Digital Trust Diplomat

The currency of the diplomat is trust. CISOs must be tactful in their negotiations and attempts at influencing without authority. They must also be strategic enough to realize that the way forward and upward for the business isn’t just about cybersecurity — it’s also about projecting a sound approach to protecting the data entrusted to the organization. Digital trust is critical to every organization’s future health.

In the digital world, diplomacy and trust go hand in hand. According to a report by Accenture, “Trust is the cornerstone of the digital economy. Without it, digital businesses cannot use and share the data that underpins their operations.” In other words, the CISO, as a diplomat, can help build that trust internally with the C-suite and the board and externally by ensuring the organization deliver on its promises to customers and business partners.

Digital trust can be a differentiator and a competitive edge. A PwC report echoed that sentiment: “We’re in the decade of digital change in which only the fit will survive and thrive. And to be digitally fit, you need to be digitally trusted — by customers, suppliers, in fact by all the stakeholders in your business.” The report further stated that “digital risk and the need to build trust should be treated as an enterprise issue for which boards need to develop a clear risk appetite to suit their specific business circumstances.”

What’s Your Grade Level?

So, how good are you at being a diplomat? The Organisation for Economic Cooperation and Development (OECD) published a Competency Framework that outlined 15 core competencies that are key to helping organizations achieve their objectives. The framework organized those competencies into three groups:

  1. Delivery-related competencies focused on achieving results, such as analytical thinking, achievement focus, drafting skills, flexible thinking, managing resources, and teamwork and team leadership;
  2. Interpersonal competencies focused on building relationships, such as client focus, diplomatic sensitivity, influencing, negotiating and organizational knowledge; and
  3. Strategic competencies focused on planning for the future, such as developing talent, navigating organizational alignment, strategic networking and strategic thinking.

The framework provided different behavioral indicators associated with different job levels, ranging from level 1 for assistants, secretaries and operators to level 5 for heads of division, counselors, deputy directors and directors. It’s a good way for CISOs to evaluate their own competencies and create road maps to improve weak areas.

A TV Show To the Rescue?

The reports and frameworks mentioned above offer useful, if not actionable, information. However, this article came about because of a TV show called “Madam Secretary,” and the parallels between a diplomat’s daily crises and that of a CISO’s.

Starring Téa Leoni as Elizabeth McCord, U.S. Secretary of State, the show explores issues in international — that is to say, traditional — diplomacy, whether it’s a crisis in our backyard or halfway around the world. However, the show also lets viewers in on behind-the-scenes actions, deliberations and negotiations that sometimes result in successful diplomatic resolutions.

While watching the show might not improve your ability to speak a foreign language, there are many situations with strong parallels in the business world, especially from the perspective of a CISO trying to manage a near-continuous stream of crises. Your organization’s success depends on it.

Listen to the podcast series: Take Back Control of Your Cybersecurity now

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today