March 23, 2017 By Christophe Veltsos 3 min read

“Each person’s behavior toward the other determines whether the relational dimension leads to a conversation that is rich or poor. In other words, what you do will influence what they do: if you confront them, they may confront you; if you try to appease them, they may take advantage of you and then feel aggrieved if you then change tack and become more assertive.” — “Talking the Walk,” a publication of The Partnering Initiative.

Why should chief information security officers (CISOs) consider themselves as digital trust diplomats? It is undeniable that today’s CISOs have to play multiple roles. They must be able to converse about deeply technical and complex issues one minute and translate how all these issues can impact the company’s bottom line the next.

One of the skills that is becoming more necessary for CISOs is diplomacy. However, diplomacy isn’t confined to the simplistic idea of endless meetings, tit-for-tat swaps and complex, multiparty negotiations. CISOs are at the center of a conflict of unprecedented scale and significance. And yet, as digital trust diplomats, CISOs have a lot to offer, and many professionals have a lot to learn.

The CISO as a Digital Trust Diplomat

The currency of the diplomat is trust. CISOs must be tactful in their negotiations and attempts at influencing without authority. They must also be strategic enough to realize that the way forward and upward for the business isn’t just about cybersecurity — it’s also about projecting a sound approach to protecting the data entrusted to the organization. Digital trust is critical to every organization’s future health.

In the digital world, diplomacy and trust go hand in hand. According to a report by Accenture, “Trust is the cornerstone of the digital economy. Without it, digital businesses cannot use and share the data that underpins their operations.” In other words, the CISO, as a diplomat, can help build that trust internally with the C-suite and the board and externally by ensuring the organization delivers on its promises to customers and business partners.

Digital trust can be a differentiator and a competitive edge. A PwC report echoed that sentiment: “We’re in the decade of digital change in which only the fit will survive and thrive. And to be digitally fit, you need to be digitally trusted — by customers, suppliers, in fact by all the stakeholders in your business.” The report further stated that “digital risk and the need to build trust should be treated as an enterprise issue for which boards need to develop a clear risk appetite to suit their specific business circumstances.”

What’s Your Grade Level?

So, how good are you at being a diplomat? The Organisation for Economic Cooperation and Development (OECD) published a Competency Framework that outlined 15 core competencies that are key to helping organizations achieve their objectives. The framework organized those competencies into three groups:

  1. Delivery-related competencies focused on achieving results, such as analytical thinking, achievement focus, drafting skills, flexible thinking, managing resources, and teamwork and team leadership;
  2. Interpersonal competencies focused on building relationships, such as client focus, diplomatic sensitivity, influencing, negotiating and organizational knowledge; and
  3. Strategic competencies focused on planning for the future, such as developing talent, navigating organizational alignment, strategic networking and strategic thinking.

The framework provided different behavioral indicators associated with different job levels, ranging from level 1 for assistants, secretaries and operators to level 5 for heads of division, counselors, deputy directors and directors. It’s a good way for CISOs to evaluate their own competencies and create road maps to improve weak areas.

A TV Show to the Rescue?

The reports and frameworks mentioned above offer useful, if not actionable, information. However, this article came about because of a TV show called “Madam Secretary,” and the parallels between a diplomat’s daily crises and those of a CISO.

Starring Téa Leoni as Elizabeth McCord, U.S. Secretary of State, the show explores issues in international — that is to say, traditional — diplomacy, whether it’s a crisis in our backyard or halfway around the world. However, the show also lets viewers in on behind-the-scenes actions, deliberations and negotiations that sometimes result in successful diplomatic resolutions.

While watching the show might not improve your ability to speak a foreign language, there are many situations with strong parallels in the business world, especially from the perspective of a CISO trying to manage a near-continuous stream of crises. Your organization’s success depends on it.
